Filip Höfer

Platform-based Authorization Technologies: Traditional and Modern Authorization Technologies with Focus on the Windows Platform Filip Höfer

Computing platforms - such as Windows operating systems - traditionally support authorization to protect accesses to well-defined persistent objects, e.g., files. Operating system authorization is usually based on the model of Discretionary Access Control (DAC) and is realized via Access Control Lists (ACLs). These mechanisms do not satisfy the needs of applications that process resources at higher levels of abstraction than the operating system. Therefore, Microsoft introduced a new authorization framework - Authorization Manager (AzMan) - which is built on the Role-Based Access Control (RBAC) model. This book presents experiences with AzMan and investigates possible relations to other technologies, such as XACML and PCIM. The comparison focuses on AzMan versus XACML and leads to proposing integrated solutions in order to enhance AzMan-based environments. Prototype implementations are described and the usage of the technologies is demonstrated. Results are used to assess the viability of the technologies and future evolvement.