Multidimensional Security Policies
A-SIT developed a framework consisting of OWL vocabularies for cross-system definition and representation of web resources and security policies. This representation is supported by two separate building blocks, enabling the definition of resources and the execution of security policies in a layered manner.
The first building block enables a granular definition of resources, allowing decoupled structuring of entities and functions provided by external Web APIs. Based on abstract, domain-specific ontologies, such representations allow automated management and discovery of networked resources.
The second component of the framework reuses these representations and their interfaces, introducing management and execution of security policies over these resources. This management is therefore performed on an abstract level, decoupled from the resources and executed by a separate engine. This organisation enables a multidimensional and granular definition of security policies. It furthermore enables the inclusion of obligations in the authorization process.
In the current version, the framework supports the domains of Email and Storage APIs. It additionally supports the live transformation of resources, offering functional masking and reduction of resources in the scope of authorization obligations.
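The layering described above can be sketched as follows. This is an added example, not code from the A-SIT framework: the class hierarchy, roles, field names and the "mask"/"reduce" obligation names are hypothetical stand-ins for what the OWL vocabularies would define. It shows a policy written against an abstract resource class, evaluated by an engine separate from the resource, with obligations transforming the resource before release.

```python
# Added illustration: class names, roles, fields and obligation names are
# hypothetical and are not taken from the A-SIT vocabularies.
SUBCLASS_OF = {"Email": "Message", "Message": "Resource",
               "File": "StorageObject", "StorageObject": "Resource"}

# Policies target abstract classes, not concrete API objects. Dimensions here:
# subject role, resource class, action. A permit may carry obligations.
POLICIES = [
    {"role": "auditor", "cls": "Message", "action": "read",
     "obligations": [("mask", "sender"), ("reduce", "body")]},
    {"role": "owner", "cls": "Resource", "action": "read", "obligations": []},
]

def ancestors(cls):
    """Yield cls and each superclass up to the root of the toy hierarchy."""
    while cls is not None:
        yield cls
        cls = SUBCLASS_OF.get(cls)

def decide(role, resource_cls, action):
    """Return (permit, obligations); the most specific class wins, default deny."""
    for cls in ancestors(resource_cls):
        for p in POLICIES:
            if (p["role"], p["cls"], p["action"]) == (role, cls, action):
                return True, list(p["obligations"])
    return False, []

def apply_obligations(resource, obligations):
    """Transform a copy of the resource; unknown obligations fail closed."""
    out = dict(resource)
    for kind, field in obligations:
        if kind == "mask":
            if field in out:
                out[field] = "***"
        elif kind == "reduce":
            out.pop(field, None)
        else:
            raise ValueError(f"unsupported obligation: {kind}")
    return out

def authorize(role, resource, action):
    """Engine entry point: return the transformed resource, or None on deny."""
    permit, obligations = decide(role, resource["type"], action)
    return apply_obligations(resource, obligations) if permit else None

# Constructed sample resources, as an API adapter might expose them.
SAMPLE_EMAIL = {"type": "Email", "sender": "alice@example.org",
                "subject": "Q3 report", "body": "confidential figures"}
SAMPLE_FILE = {"type": "File", "name": "notes.txt", "content": "draft"}
```

The auditor policy is attached to the abstract class `Message`, so it applies to `Email` without naming it, and it does not reach `File`, which sits in a different branch of the hierarchy.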