AC-PIM
AC-PIM is a Platform Independent Model for access control that provides a clear architectural separation between the access policy (the management and expression of access rules), the access decision (evaluating policy at a given point in time), and the access control (the enforcement of access decisions).
Specurity Aspects
Name
Description
Specification of access control policies in platform independent model to generate middleware for access control decisions.
Specification Elements
Name
Description
A ResourceId represents any physical, logical, or conceptual resource that may need to be protected. Examples are: files, databases, field in a database, medical record, launch button.... ResourceId elements are used to annotate business models.
The Guard is responsible for enforcing access decisions (access control). The Guard may consult with a LoginManager to authenticate the User and/or an AccessManager to get decisions regarding allowing access to the protected resource. Guard elements are used to parameterize business models.
Optionally used to annotate business models with sophisticated security context.
Security Aspects
Model-driven access control
Specification of access control policies in platform independent model to generate middleware for access control decisions.- Specification Elements:
- ResourceId
- Guard
- DynamicContextServer
- Threats:
- Tampering with Data
- Information Disclosure
Specification Elements
ResourceId
A ResourceId represents any physical, logical, or conceptual resource that may need to be protected. Examples are: files, databases, field in a database, medical record, launch button.... ResourceId elements are used to annotate business models.- Applies to:
- Data
Guard
The Guard is responsible for enforcing access decisions (access control). The Guard may consult with a LoginManager to authenticate the User and/or an AccessManager to get decisions regarding allowing access to the protected resource. Guard elements are used to parameterize business models.- Applies to:
- Entity
DynamicContextServer
Optionally used to annotate business models with sophisticated security context.- Applies to:
- Entity