Akenti overview


The problem: access control policy management

Policies governing access and use of a resource traditionally have been expressed via access control lists. In this model, control is highly centralized: only one person or organization administers and enforces the access control requirements.

It is not always easy to centralize policy control. An X-ray laser at a university, for example, hypothetically may have several stakeholders (parties with authority to grant access to the resource), each of which brings its own set of concerns:

To change a stakeholder's access control requirements, the access control enforcer must verify that the change request originated from an authorized party (i.e., that stakeholder), check that the request was not altered in transit, and only then make the appropriate change. Such centralized and essentially manual updating does not scale well, particularly if the parties are geographically or organizationally dispersed.


A solution: distributed policy management

To address the issues raised in allowing restricted access to resources which are controlled by multiple stakeholders, we have developed Akenti. Akenti provides a way to express and to enforce an access control policy without requiring a central enforcer and administrative authority. The system's architecture is intended to provide scalable security services in highly distributed network environments.


Goals

Akenti was designed More specifically, Akenti was intended


Akenti access control fundamentals

The resource that Akenti controls may be information, processing or communication capabilities, or a physical system such as a scientific instrument. Access can be the ability to obtain information from the resource (e.g., "read" access), to modify the resource (e.g., "write" access), or to cause that resource to perform certain functions (e.g., changing instrument control set points).

The approach makes use of:

The initially targeted resources are:


More information

See the main Akenti documentation page.
