Akenti overview

The problem: access control policy management

Policies governing access and use of a resource traditionally have been expressed via access control lists. In this model, control is highly centralized: only one person or organization administers and enforces the access control requirements.

It is not always easy to centralize policy control. An X-ray laser at a university, for example, hypothetically may have several stakeholders (parties with authority to grant access to the resource), each of which brings its own set of concerns:

the principal investigator of the project for which the laser was built, who needs his team to have full access;
the technician who operates it, who must ensure that no one is hurt while using it;
the government agency that funded it, which may have stringent national security or other restrictions;
the university's biological experiments oversight committee, which has to approve any experiments in which the laser is used on living creatures.

To change a stakeholder's access control requirements, the access control enforcer must verify that the change request originated from an authorized party (i.e., that stakeholder), check that the request was not altered in transit, and only then make the appropriate change. Such centralized and essentially manual updating does not scale well, particularly if the parties are geographically or organizationally dispersed.

A solution: distributed policy management

To address the issues raised in allowing restricted access to resources which are controlled by multiple stakeholders, we have developed Akenti. Akenti provides a way to express and to enforce an access control policy without requiring a central enforcer and administrative authority. The system's architecture is intended to provide scalable security services in highly distributed network environments.

Goals

Akenti was designed

to achieve the same level of expressiveness of access control that would be available if a human controller were in the decision loop, and
to reflect the existing policy (authority, delegation, and responsibility) present in these environments.

More specifically, Akenti was intended

to allow each stakeholder to enforce its access control requirements independently of the other stakeholders,
to allow each stakeholder to change its requirements at any time and to be confident that the new requirements would take effect immediately, and
to provide high assurance of integrity and non-repudiability in the expression of the access control requirements.

Akenti access control fundamentals

The resource that Akenti controls may be information, processing or communication capabilities, or a physical system such as a scientific instrument. Access can be the ability to obtain information from the resource (e.g., "read" access;), to modify the resource (e.g., "write" access), or to cause that resource to perform certain functions (e.g., changing instrument control set points).

The approach makes use of:

certificates (digitally signed documents) capable of carrying:

user identity authentication ( X509 identity certificates)
resource usage requirements (use-conditions)
user attribute assertions (attributes)
delegated authorization (proxies)

authorization decisions split among online and offline entities

The initially targeted resources are:

More information

See the main Akenti documentation page.

[an error occurred while processing this directive]