Authentication and Access Control in Federated Environments
Security is an important and challenging issue in multi-institutional environments, because resources may be managed by a variety of systems, each with its own local security components. These components do not readily interoperate, which makes it difficult to manage user accounts and access control policies consistently across systems. BIP is developing a standards-based security framework in a collaborative effort between GT (Drs. Blough and Ahamad) and Emory (Drs. Saltz, Kurc, and Post) to enhance security capabilities in federated environments. The goal is to provide a common set of tools for specifying and maintaining user accounts and authorization policies across multiple platforms in a federated environment. This work leverages standards such as XACML for authorization policy management, Shibboleth for user attribute federation and single sign-on, and SAML for authentication. The first phase of implementation focuses on instance-level and attribute-level access control. It supports the management and enforcement of policies defined in XACML, and the development of interfaces to the access control components of external applications such as i2b2.