Abstract
The problem that we address is the inability of businesses to correctly and completely specify what an automated Identity Management and Access Control (IMAC) solution must do within their organisation. This paper reports on experiments with a tool that, from a given set of business rules, generates a functional specification as well as code for a software component that provably enforces each rule. This tool allows a business architect to experiment with different sets of IMAC rules (policies) so as to find the most appropriate set of rules for the business context. Creating a demo around the generated software component provides hands-on proof to the business that they can understand. New to our work is the use of relation algebra, which provides a way to build and prove IMAC policies simultaneously. On a larger scale, this approach may help to solve cross-domain identity issues, e.g. between governmental organizations.
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Joosten, R., Joosten, S. (2008). Automating Identity Management and Access Control. In: Fischer-Hübner, S., Duquenoy, P., Zuccato, A., Martucci, L. (eds) The Future of Identity in the Information Society. Privacy and Identity 2007. IFIP — The International Federation for Information Processing, vol 262. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-79026-8_16
DOI: https://doi.org/10.1007/978-0-387-79026-8_16
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-4629-4
Online ISBN: 978-0-387-79026-8
eBook Packages: Computer Science (R0)