PERMIS Project Web Site



What is PERMIS?

  • An authorisation infrastructure. PERMIS is an infrastructure that provides all the necessary facilities for users to manage privileges and authorisation policies and for applications to make authorisation decisions.
  • As to privilege management, PERMIS provides the Attribute Certificate Manager (ACM) and the Bulk Loader for managers to allocate privilege to users. The generated privilege information is stored in X.509 Attribute Certificate format. PERMIS also provides the Delegation Issuing Service (DIS), which allows users to delegate (a subset of) their privileges to other users in their domain, according to the site's delegation policy.
  • As to policy management, PERMIS provides the Policy Editor to allow administrators to easily construct authorisation policies for their applications and delegation policies for their Delegation Issuing Service. The policies are created in XML format, and may then be optionally protected by encapsulating in an X.509 policy attribute certificate, digitally signed by the administrator.
  • As to authorisation decision making, PERMIS provides a modular policy decision point (PDP) and a credential validation service (CVS).
    1. The credential validation service checks whether each allocation of privileges is valid. This is needed because privileges may be managed in a distributed manner: potentially anybody can allocate any privilege to anyone else, but only some of these allocations will be recognised by the PERMIS CVS as valid. The CVS is a core component that is integrated with applications; it returns the set of valid attributes for a user, ready for the PDP to make an authorisation decision.
    2. The policy decision point renders an authorisation decision for a user's access request, normally in the form of granted or denied. The PDP is a core component that is integrated with applications, and it is responsible for making the authorisation decision when an application needs to verify whether a requested operation is authorised. The application is responsible for enforcing the decision returned by the PDP.
  • The underlying technologies of PERMIS are Role Based Access Control and Policy based Management.
    1. Role Based Access Control (RBAC). RBAC allows PERMIS to group users into roles (or attributes); each role/attribute is associated with a collection of privileges, and a user's membership of a role allows the user to exercise the privileges associated with that role.
    2. Policy based Management. Authorisation criteria are specified as a collection of rules, and these rules are stored as a policy. The policy is then used by the PERMIS PDP when it renders authorisation decisions and by the PERMIS CVS when it returns the valid sets of user attributes. In this way, PERMIS is not hard coded with the authorisation rules. Administrators can change the policy for an application, which in turn will change PERMIS's authorisation decision results. Changing policies will not require any change of the applications' implementation or any recompiling of the application's code.
  • The underlying architecture of PERMIS is a distributed architecture. Normally the following principals/entities will be involved in the architecture.
    1. System Administrators (called Sources of Authority in PERMIS). System administrators are principals responsible for composing the rules for the decision making and credential validation services. These rules are kept as policies. The rules for decision making specify the association of privileges to roles/attributes, saying what privileges have been assigned to every role/attribute in the system. The rules for credential validation specify the way that PERMIS recognizes valid Attribute Administrators and valid credentials that they have issued, as credentials may be issued by many parties that are not trusted by the system administrators in the current domain.
    2. Attribute Administrators (or Attribute Authorities). Attribute administrators (AAs) issue attributes to users. These attributes are normally used to associate users with roles. Thus with the issued attributes, PERMIS can know what roles a user has been assigned to. Attributes will be managed in the form of credentials.
    3. Users. Users are the principals that perform operations on the protected resources. Users can be human beings or applications.
    4. Applications. Applications are the programs that do useful things for users and provide users with interfaces to access protected resources. Applications need to intercept users' requests to access protected resources and solicit authorisation decisions from PERMIS. The application then needs to enforce the authorisation decision returned by PERMIS. This enforcement is normally to reject the user's request to access the resource if the authorisation decision is "denied" and to allow access to the resource if the decision is "granted".
    5. Resources. Resources are valuable computer based resources that need to be protected from being wasted, damaged or used improperly by users.
    To summarise, system administrators will write authorisation policies, specifying what roles have which privileges, and what kind of credentials will be recognized by PERMIS. The authorisation policy will be used by PERMIS for all reasoning regarding authorisation. Attribute administrators will issue credentials to users containing attributes, telling what roles the users have. When a user requests access to a protected resource, the user's credentials will be analysed by PERMIS, and only those attributes that can be validated by the credential validation rules in the policy will be recognized as valid by PERMIS. Then PERMIS will use the association of attributes and privileges as specified in the policy to render an authorisation decision for the user's request.
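The flow summarised above (Source of Authority writes the policy, Attribute Authorities issue credentials, the CVS discards the credentials the policy does not trust, the PDP maps the surviving roles to privileges, and the application enforces the answer) as a small runnable model. This is an added illustration, not code from the PERMIS project. It assumes two simplifications: credentials are HMAC-signed JSON records rather than X.509 attribute certificates, and the policy is a Python dict rather than PERMIS's XML policy. The issuer names, keys, roles, targets and user names are constructed for the demo, and delegation (the DIS) is not modelled.

```python
"""Toy model of the PERMIS authorisation flow: an Attribute Authority (AA)
issues credentials, the credential validation service (CVS) keeps only the
ones the domain's policy trusts, and the policy decision point (PDP) maps the
surviving roles to privileges.  Added illustration, not PERMIS code.
Assumptions: credentials are HMAC-signed JSON rather than X.509 attribute
certificates, and the policy is a Python dict rather than PERMIS XML."""
import hashlib
import hmac
import json

# Secret keys of the two Attribute Authorities (constructed demo values).
# A real deployment would hold the AA's public key / name in the policy and
# verify the X.509 attribute certificate signature instead.
AA_KEYS = {"hr-aa": b"hr-aa-demo-key", "lab-aa": b"lab-aa-demo-key"}

POLICY = {
    # Credential validation rules (written by the Source of Authority):
    # which AAs this domain trusts, and which roles each may assign.
    "trusted_issuers": {
        "hr-aa": {"key": AA_KEYS["hr-aa"], "roles": {"staff", "manager"}},
        "lab-aa": {"key": AA_KEYS["lab-aa"], "roles": {"researcher"}},
    },
    # Target access rules: role -> privileges, each an (action, target) pair.
    "role_privileges": {
        "staff": {("read", "intranet")},
        "manager": {("read", "intranet"), ("approve", "expenses")},
        "researcher": {("read", "intranet"), ("submit", "compute-job")},
    },
}


def _signed_bytes(cred):
    """Canonical bytes covered by the credential signature."""
    body = {k: cred[k] for k in ("issuer", "holder", "role")}
    return json.dumps(body, sort_keys=True).encode()


def issue_credential(issuer, issuer_key, holder, role):
    """An AA binds holder -> role and signs the binding."""
    cred = {"issuer": issuer, "holder": holder, "role": role}
    cred["sig"] = hmac.new(issuer_key, _signed_bytes(cred), hashlib.sha256).hexdigest()
    return cred


def validate_credentials(policy, holder, credentials):
    """CVS: return the set of roles of `holder` that the policy recognises.
    Anyone can issue a credential; only those passing every rule survive."""
    valid = set()
    for cred in credentials:
        if cred["holder"] != holder:
            continue                      # issued to someone else
        issuer = policy["trusted_issuers"].get(cred["issuer"])
        if issuer is None:
            continue                      # issuer unknown to this domain
        if cred["role"] not in issuer["roles"]:
            continue                      # trusted issuer, but not for this role
        expected = hmac.new(issuer["key"], _signed_bytes(cred), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, cred["sig"]):
            continue                      # forged or tampered
        valid.add(cred["role"])
    return valid


def decide(policy, roles, action, target):
    """PDP: 'granted' if any valid role carries the requested privilege."""
    for role in roles:
        if (action, target) in policy["role_privileges"].get(role, set()):
            return "granted"
    return "denied"


def authorise(policy, holder, credentials, action, target):
    """What the application calls on intercepting a request: CVS, then PDP.
    Enforcing the returned decision stays with the application."""
    roles = validate_credentials(policy, holder, credentials)
    return decide(policy, roles, action, target)


def with_privilege(policy, role, action, target):
    """Return a copy of the policy granting one more privilege to a role:
    the decision changes without touching application code."""
    privs = {r: set(p) for r, p in policy["role_privileges"].items()}
    privs.setdefault(role, set()).add((action, target))
    return {"trusted_issuers": policy["trusted_issuers"], "role_privileges": privs}


# Constructed credential store: genuine, rogue and tampered entries.
BOB_MANAGER = issue_credential("hr-aa", AA_KEYS["hr-aa"], "bob", "manager")
CREDENTIALS = [
    issue_credential("hr-aa", AA_KEYS["hr-aa"], "alice", "staff"),
    issue_credential("lab-aa", AA_KEYS["lab-aa"], "alice", "researcher"),
    BOB_MANAGER,
    issue_credential("rogue-aa", b"rogue-key", "carol", "manager"),     # untrusted issuer
    issue_credential("hr-aa", AA_KEYS["hr-aa"], "dave", "researcher"),  # outside hr-aa's authority
    {**BOB_MANAGER, "holder": "eve"},                                   # copied and edited, stale signature
]


if __name__ == "__main__":
    for who, action, target in [("alice", "read", "intranet"), ("alice", "approve", "expenses"),
                                ("bob", "approve", "expenses"), ("carol", "approve", "expenses"),
                                ("dave", "submit", "compute-job"), ("eve", "approve", "expenses")]:
        print(who, action, target, "->", authorise(POLICY, who, CREDENTIALS, action, target))
```

The three rejected credentials show why a CVS is needed at all: carol's comes from an issuer the policy has never heard of, dave's comes from a trusted issuer acting outside the roles it is trusted for, and eve's is a genuine credential whose holder field was edited after signing. One caveat on the substitution: with HMAC the verifier holds the issuer's secret and could mint credentials itself, which is exactly what the public-key signature on an X.509 attribute certificate avoids; the policy then only needs the AA's public key, not anything that lets the CVS issue.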
Other related technologies.
  1. LDAP. LDAP is used by PERMIS as a network accessible repository for storing policies and credentials. LDAP support is optional in modular PERMIS, as the system can use other repositories such as local file stores. PERMIS also allows programmers to extend it to access other repositories such as databases, web pages, etc.
  2. X.509 Attribute Certificates. X.509 Attribute Certificates were compulsory in early versions of PERMIS, to provide trust and tamper resistance for policies and credentials. In the current version of PERMIS, X.509 attribute certificates are no longer compulsory, as other formats are supported, including plain XML policies and SAML attribute assertions. PERMIS also allows programmers to extend it to accept other formats for credentials and policies.

Last updated 20 July 2011