Access Control Engines

Interested in security and access control? Then you want to look at the XACML standard for describing access control policies.

One good way into this topic is through the Drools engine (which is part of a large family of RedHat JBoss components). An XACML engine already exists as a JBoss component called PicketBox, but it handles only XACML 2.0. Can you extend it to the current 3.0 version?

You may be spending time at the Tellu company, which has Drools at the core of its products and is interested in access control.

See project link. Ask for discussions with one of the supervisors, for more information or variations of the project. See also general concerns.

Drools, as well as the jBPM6 component for Business Process Management, could benefit greatly from a thorough study of access control policies and management. Of particular interest is how XACML fits with these rule-based engines.

Knowledge of Java is needed, because Drools, jBPM6, and PicketBox are built in Java (Drools uses Java Beans). Drools is a Rules Engine (among other things) developed by the RedHat community, which is very much concerned with optimizing its projects and conforming to international standards.

However, the study of other access control engines is strongly encouraged.

As learning outcomes, the student will become familiar with RedHat’s JBoss Drools engine and probably with the XACML engine PicketBox. The student will become an expert in the XACML 3.0 standard and will be familiar with other existing related standards, such as SAML 2.0, as well as with other existing engines such as Balana. Moreover, the student could gain experience contributing to a large-scale software project maintained by an open-source community.

XACML stands for “eXtensible Access Control Markup Language” and is developed as a standard by the OASIS standardization organization (with members of this committee being IBM, RedHat, Oracle, Microsoft, Cisco, Boeing and some 5 more).

The practical part of the topic is to work with the Drools Java-based rule engine or to extend the PicketBox engine. This involves Java programming and rule-based programming (in the case of Drools), as well as working with and understanding a complex software application. In both cases the communities are helpful and the student will certainly find help there. Here is a good starting source for PicketBox, and here is a good source for starting with XACML authentication. The documentation for XACML 3.0 is easy to find.

The student can also take a case study coming from one of Tellu’s existing applications.

The topic is not restricted to Drools. The topic is focused on access control engines of any kind.

For rule engines and rule-based programming, Tellu AS can provide the necessary interaction, and the student may spend time (internship) in the company. For access control and related standards, the ConSeRNS group is a good place.

Tags: security, access control, privacy
Published Aug. 19, 2018 1:06 PM - Last modified Aug. 19, 2018 1:06 PM
