A Scalable Permission Management System With Support of Conditional and Customized Attributes

04/17/2018
by Baiyu Liu, et al.

Along with the classical problem of managing multiple identities, actions, devices, APIs, etc. in different businesses, there has been an escalating need for flexible attribute-based access control (ABAC) mechanisms. To fill this gap, several variations of the ABAC model have been proposed, such as Amazon's AWS IAM, which uses JSON as its underlying storage data structure and adds policies/constraints as fields over regular ABAC. However, these systems still do not provide the capability to define customized permissions and to perform various operations (such as comparison/aggregation) on them. In this paper, we introduce a string-based resource naming strategy that supports customized and conditional permissions for resource access. Further, we propose the basic architecture of our system which, along with our naming scheme, makes the system scalable, secure, efficient, flexible and customizable. Finally, we present the proof of concept for our algorithm as well as the experimental setup and the future trajectory for this work.
