Authorization as a service: Evaluating the platform as a service paradigm for XACML policy decision points

 

Author: Gregor Ryba
Supervisor: Wolfgang KastnerMarkus Jung
Type: Master Thesis
Finished: 2013-06-12
Webpage



Abstract:
The "Internet of Things" vision refers to an Internet that is not completely dependent on humans creating information. It tries to incorporate the physical world with its objects. The smart grid is one application of this vision. It integrates ICT technology into the traditional power grid to cope with the new requirements that are arising out of its continuing expansion and the incorporation of new energy sources. Because of interoperability many of these ICT devices are relying on Web services for transportation of the data generated.
Since most of this data is sensitive, privacy needs to be established.
The huge number of devices that are involved in such a system requires high scalability.
Based on an example scenario arising out of the smart grid, this thesis introduces an architecture offering authorization as a service. It is based on the two standards XACML and SAML. It is documented with the 4+1 view model and a software prototype is implemented. This prototype is then deployed to the PaaS framework Appscale. Appscale is an open source implementation of Google's App Engine framework. It enables the execution of applications in a cloud environment, without the need to take care of the issues arising out of the distributed computing model.
For comparison a version of this architecture runnable on an on-premises system is developed.
Evaluation of the prototype focuses on its scalability. Load tests are run against the system in various configurations with all distributed databases offered by Appscale. The recorded results are ranging from a very unstable behaviour to the awaited scalability dependent on the number of nodes used for Appscale deployment.

DATENSCHUTZERKLÄRUNG - Joomla templates by a4joomla