Service-Oriented Federated Authorization (SOFA)

This project addresses the challenges associated with authorization in distributed contexts. Many academic organisations need to integrate centralised systems with other systems based in departments or other administrative units. While technology mismatches and data heterogeneity may be overcome by applying open standards, interoperability problems may remain with respect to authorization: different access control approaches may be used throughout the institution, making it virtually impossible to construct a global view of “who can see what”.

Aims and objectives

We are building upon previous experience to develop a system that allows institutions not only to aggregate data from disparate data sources in a secure fashion, but also to link such sources without a reliance on a single authorization mechanism. Specifically, we will extend the sif (service-oriented interoperability framework) middleware framework, which was developed within the TSB-funded GIMI (Generic Infrastructure for Medical Informatics) project. While the short-term beneficiaries of the work will be administrators associated with the University of Oxford, in the medium-term others within the JISC community stand to benefit from the work of this project.

Project methodology

By extending an existing middleware framework, we hope to mitigate many of the risks typically associated with development projects. Further, by taking an application-led approach, we will ensure that what is being developed is appropriate for the JISC community. The project work is being undertaken by two researchers—David Power and Mark Slaymaker—and consists of seven work packages: project management (WP1); use cases and requirements (WP2); middleware extension and refinement (WP3); tool development (WP4); application development and support (WP5); testing and validation (WP6); and community engagement and dissemination (WP7).

Anticipated outputs and outcomes

The project has eight deliverables: 

  • A user requirements workshop 
  • A user needs analysis and use case document 
  • A project web site 
  • An extended version of the sif framework 
  • An interim report, detailing progress at the mid-point of the project 
  • A dissemination workshop 
  • A simple, usable tool for policy construction 
  • A final report

Technology / Standards used

  • eXtensible Access Control Markup Language (XACML)
  • Role Based Access Control (RBAC)

Project Staff

Project manager
  • Dr Andrew Simpson, Oxford University Computing Laboratory, Wolfson Building, Parks Road, Oxford OX1 3QD, 01865 283514 Andrew.Simpson@comlab.ox.ac.uk

Summary

  • Start date: 1 January 2010
  • End date: 31 December 2010
  • Funding programme: Access and Identity Management Programme
  • Lead institutions: University of Oxford
  • Committees: JISC Infrastructure and Resources Committee