Performance Assessment of XACML Authorizations for Supply Chain Traceability Web Services
Miguel Pardal, Performance Assessment of XACML Authorizations
Slide 1
Performance Assessment of XACML Authorizations
for Supply Chain Traceability Web Services
Miguel Pardal, Mark Harrison, Sanjay Sarma, José Alves Marques
Técnico Lisboa, University of Cambridge, Massachusetts Institute of Technology
Traceability systems assessment framework
Slide 2
http://trakchain.net
Each individual item takes a unique path...
Slide 3
The data sharing policy must also be unique!
Traceability data security
Slide 4
Data access control
Slide 5
SCAz – Supply Chain Authorization Language
• To express data sharing policies using
- EAC – Access control lists
- CCT – Chain of Communication Tokens
- CTA – Chain of Trust Assertions
Slide 6
Data sharing policy in RDF format
:company0 a cta:Organization .
:company1 a cta:Organization .
:item0 a cta:Identifier .
:record0 a cta:Record .
:policy0 a cta:Policy .
:company0 cta:publishes :record0 .
:record0 cta:about :item0 .
:company0 cta:creates :policy0 .
:policy0 cta:protects :item0 .
:policy0 cta:grantsRead :company0 .
:policy0 cta:grantsRead :company1 .
Slide 7
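Added example (not from the slides): a minimal evaluator for the policy triples shown on the slide above. The decision rule is an assumption made for illustration: a requester may read a record only if a policy created by the record's publisher protects the item the record is about and grants read to that requester. The names parse_triples and can_read, and the sample text, are constructed here.

```python
# Constructed copy of the slide's statements (the slide gives no prefix declarations).
POLICY_TEXT = """
:company0 a cta:Organization .
:company1 a cta:Organization .
:item0 a cta:Identifier .
:record0 a cta:Record .
:policy0 a cta:Policy .
:company0 cta:publishes :record0 .
:record0 cta:about :item0 .
:company0 cta:creates :policy0 .
:policy0 cta:protects :item0 .
:policy0 cta:grantsRead :company0 .
:policy0 cta:grantsRead :company1 .
"""

def parse_triples(text):
    """Parse the plain 'subject predicate object .' lines used on the slide."""
    triples = set()
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.strip().rstrip(".").split()
        if len(parts) != 3:
            raise ValueError(f"unsupported statement: {line!r}")
        triples.add(tuple(parts))
    return triples

def objects(triples, subj, pred):
    return {o for (s, p, o) in triples if s == subj and p == pred}

def subjects(triples, pred, obj):
    return {s for (s, p, o) in triples if p == pred and o == obj}

def can_read(triples, requester, record):
    """Assumed rule: permit only via a policy that the record's publisher
    created, that protects the record's item, and that grants read to the
    requester. Anything else is denied (deny by default)."""
    publishers = subjects(triples, "cta:publishes", record)
    for item in objects(triples, record, "cta:about"):
        for policy in subjects(triples, "cta:protects", item):
            creators = subjects(triples, "cta:creates", policy)
            if not (creators & publishers):
                continue  # policy not issued by the data owner: ignore it
            if requester in objects(triples, policy, "cta:grantsRead"):
                return True
    return False
```

The creator check is what keeps a party from gaining access by asserting its own policy over an item it does not publish data for.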
Slide 8
Data sharing policy in RDF format
Externalized security
• Authentication
- SAML
• Message level (cryptographic) protection
- TLS
- WS-Security
• Authorization
- XACML
Slide 9
eXtensible Access Control Markup Language
Slide 10
XACML request processing
Slide 11
Performance assessment tool
Slide 12
Raw evaluation time with increasing number of policies
Slide 13
XACML evaluation time with increasing number of policies
Slide 14
Raw versus XACML overheads
Slide 15
Contributions
• Data sharing policies
- XACML translation
- Correctness check
- Performance assessment
• Chain-of-Trust implementation
- Using Semantic Web Technologies
- More expressive
• Future work
- Pharma pedigree & recall case study
- Take advantage of added expressivity
  • Reciprocal trust
  • Downstream trust
  • …
Slide 16
Visit http://trakchain.net
Slide 17
Thank you!