What is PERMIS?
An authorisation infrastructure. PERMIS is an infrastructure that provides
all the necessary facilities for users to manage privileges and authorisation
policies and for applications to make authorisation decisions.
As to privilege management, PERMIS provides the Attribute Certificate
Manager (ACM) and the Bulk Loader for managers to allocate privilege to
users. The generated privilege information is stored in X.509 Attribute
Certificate format. PERMIS also provides the Delegation Issuing Service
(DIS), which allows users to delegate (a subset of) their privileges to
other users in their domain, according to the site's delegation policy.
As to policy management, PERMIS provides the Policy Editor to allow
administrators to easily construct authorisation policies for their applications
and delegation policies for their Delegation Issuing Service. The policies
are created in XML format, and may then be optionally protected by encapsulating
in an X.509 policy attribute certificate, digitally signed by the administrator.
As to authorisation decision making, PERMIS provides a modular policy
decision point (PDP) and a credential validation service (CVS).
The underlying technologies of PERMIS are Role Based Access Control
and Policy based Management.
The credential validation service is used to validate if the allocation
of privileges is valid or not. (The need for this is due to the fact that
privileges may be managed in a distributed manner, thus potentially anybody
can allocate any privileges to anyone else, but only some of these allocation
will be recognised by the PERMIS CVS as being valid). The CVS is a core
component that will be integrated with applications, and it returns the
set of valid attributes for a user, ready for the PDP to make an authorisation
The policy decision point is renders an authorisation decision for
a user's access request, normally in the form of granted or denied. The
PDP is a core component that will be integrated with applications, and
it is responsible for making the authorisation decisions when applications
need to verify if a requested operations is authorised or not. The applications
is responsible for enforcing the decisions returned from the PDP.
The underlying architecture of PERMIS is a distributed architecture.
Normally the following principals/entities will be involved in the architecture.
Role Based Access Control (RBAC). RBAC allows PERMIS to group all
users into roles (or attributes), each role/attribute is associated with
a collection of privileges. A user's membership of a role will allow the
user to exercise the privileges associated with the role.
Policy based Management. Authorisation criteria are specified as
a collection of rules, and these rules are stored as a policy. The policy
is then used by the PERMIS PDP when it renders authorisation decisions
and by the PERMIS CVS when it returns the valid sets of user attributes.
In this way, PERMIS is not hard coded with the authorisation rules. Administrators
can change the policy for an application, which in turn will change PERMIS's
authorisation decision results. Changing policies will not require any
change of the applications' implementation or any recompiling of the application's
To summarise, system administrators will write authorisation policies,
specifying what roles have which privileges, and what kind of credentials
will be recognized by PERMIS. The authorisation policy will be used by
PERMIS for all reasoning regarding authorisation. Attribute administrators
will issue credentials to users containing attributes, telling what roles
the users have. When a user requests access to a protected resource, the
user's credentials will be analysed by PERMIS, and only those attributes
that can be validated by the credential validation rules in the policy
will be recognized as valid by PERMIS. Then PERMIS will use the association
of attributes and privileges as specified in the policy to render an authorisation
decision for the user's request.
Other related technologies.
System Administrators (called Sources of Authority in PERMIS).
System administrators are principals responsible for composing the rules
for the decision making and credential validation services. These rules
are kept as policies. The rules for decision making specify the association
of privileges to roles/attributes, saying what privileges have been assigned
to every role/attribute in the system. The rules for credential validation
specify the way that PERMIS recognizes valid Attribute Administrators and
valid credentials that they have issued, as credentials may be issued by
many parties that are not trusted by the system administrators in the current
Attribute Administrators (or Attribute Authorities). Attribute administrators
(AAs) issue attributes to users. These attributes are normally used to
associate users with roles. Thus with the issued attributes, PERMIS can
know what roles a user has been assigned to. Attributes will be managed
in the form of credentials.
Users. Users are the principals that perform operations on the protected
resources. Users can be human beings or applications.
Applications. Applications are the programs that do useful things
for users and provide users with interfaces to access protected resources.
Applications will need to intercept the users' request to access protected
resources, and solicit authorisation decisions from PERMIS. The application
will then need to enforce the authorisation decisions returned by PERMIS.
This enforcement is normally to reject the user's request to access the
resource if the authorisation decision is "denied" and to allow access
to the resource is the decision is "granted".
Resources. Resources are valuable computer based resources that
need to be protected from being wasted, damaged or used improperly by users.
LDAP. LDAP is used by PERMIS as a network accessible repository for storing
policies and credentials. LDAP support is optional in modular PERMIS, as
the system can use other repositories such as local file stores. PERMIS
also allow programmers to extend the capabilities of PERMIS to access other
repositories such as databases, web pages, etc.
X.509 Attribute Certificates. X.509 Attribute Certificates were compulsory
in early versions of PERMIS, to provide trust and tamper-proof resistance
to policies and credentials. In the current version of PERMIS, X.509 attribute
certificates are no longer compulsory, as other formats are supported,
including plain XML policies and SAML attribute assertions. PERMIS also
allow programmers to extend the capabilities of PERMIS to access other
formats for credentials and policies.