Abstract

Absence of architecture to describe how to implement authorization as a centralized service, in a way similar to authentication , has been causing redundant deployment of computing resources, lack of standard practices, and never-ending learning curve in maintaining proprietary or ad hoc authorization solutions. The paper develops an architecture, which focuses on centralization of authorization, to be called Centralized Authorization Service (CAuthS) or Authorization as a Service (AuthaaS), when deployed as a service, and is targeted to substitute platform-based ad hoc authorization solutions.

References

• OASIS. (2013, Jan. ) OASIS eXtensible Access Control Markup Language (XACML) TC. [Online]. http://docs. oasis-open. org/xacml/3. 0/xacml-3. 0-core-spec-os-en. pdf
• David F Ferraiolo, Ravi Sandhu, Serban Gavrila, D Richard Kuhn, and Ramaswamy Chandramouli, "Proposed NIST standard for role-based access control," ACM Transactions on Information and System Security (TISSEC), vol. 4, no. 3, pp. 224--274, 2001.
• Eric Yuan and Jin Tong, "Attributed based access control (ABAC) for Web services," in Web Services, 2005. ICWS 2005. Proceedings. 2005 IEEE International Conference on, 2005.
• Shucheng Yu, Cong Wang, Kui Ren, and Wenjing Lou, "Achieving secure, scalable, and fine-grained data access control in cloud computing," in INFOCOM, 2010 Proceedings IEEE, 2010, pp. 1--9.
• Network Working Group. (2005, July) A Universally Unique IDentifier (UUID) URN Namespace. [Online]. http://www. ietf. org/rfc/rfc4122. txt
• Martin Gaedke, Johannes Meinecke, and Martin Nussbaumer, "A modeling approach to federated identity and access management," in Special interest tracks and posters of the 14th international conference on World Wide Web, 2005, pp. 1156--1157.
• Markus Lorch, Seth Proctor, Rebekah Lepro, Dennis Kafura, and Sumit Shah, "First Experiences Using XACML for Access Control in Distributed Systems," in XMLSEC '03 Proceedings of the 2003 ACM workshop on XML security, New York, NY, USA, 2003, pp. 25-37.
• Gregor Kiczales et al. , "Aspect-Oriented Programming," in Proceedings of the European Conference on Object-Oriented Programming, vol. 1241, ECOOP, 1997, pp. 220–242.
• Ramon Lawrence, "The space efficiency of XML," Information and Software Technology, vol. 46, no. 11, pp. 753--759, 2004.
• Nurzhan Nurseitov, Michael Paulson, Randall Reynolds, and Clemente Izurieta, "Comparison of JSON and XML Data Interchange Formats: A Case Study. ," Caine, pp. 157--162, 2009.
• Bruno Gil and Paulo Trezentos, "Impacts of data interchange formats on energy consumption and performance in smartphones," in Proceedings of the 2011 Workshop on Open Source and Design of Communication, 2011, pp. 1--6.
• Paul Moritz Cohn, Universal algebra. : Springer, 1981.
• Jaehong Park and Ravi Sandhu, "Towards usage control models: beyond traditional access control," in Proceedings of the seventh ACM symposium on Access control models and technologies, 2002, pp. 57--64.
• Erich Gamma, Richard Helm, Ralph Johnson, and John Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software. Upper Saddle River, NJ: Addison-Wesley Professional computing Series, 1995.
• James F Gray, Sets,relations,and functions. : Holt,Rinehart & Winston, 1962.
• F. Borceux, Handbook of Categorical Algebra: Volume 2, Categories and Structures. : Cambridge University Press, 1994.
• Westley Weimer and George C Necula, "Exceptional situations and program reliability," ACM Transactions on Programming Languages and Systems (TOPLAS), vol. 30, no. 2, p. 8, 2008.
• Kyo C Kang et al. , "FORM: A feature-oriented reuse method with domain-specific reference architectures," Annals of Software Engineering, vol. 5, no. 1, pp. 143--168, 1998.
• Gregor Kiczales et al. , "Getting started with AspectJ," Communications of the ACM, vol. 44, no. 10, pp. 59--65, 2001.
• Patricia P Griffiths and Bradford W Wade, "An authorization mechanism for a relational database system," ACM Transactions on Database Systems (TODS), vol. 1, no. 3, pp. 242--255, 1976.
• Sushil Jajodia, Pierangela Samarati, and VS Subrahmanian, "A logical language for expressing authorizations," in Security and Privacy, 1997. Proceedings. , 1997 IEEE Symposium on, 1997, pp. 31--42.
• Michiharu Kudo and Satoshi Hada, "XML document security based on provisional authorization," in Proceedings of the 7th ACM conference on Computer and communications security, 2000, pp. 87--96.
• Jan De Clercq, "Single sign-on architectures," in Infrastructure Security. : Springer, 2002, pp. 40--58.
• Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuellar, and Llanos Tobarra, "Formal analysis of SAML 2. 0 web browser single sign-on: breaking the SAML-based single sign-on for google apps," in Proceedings of the 6th ACM workshop on Formal methods in security engineering, 2008, pp. 1--10.
• Howard Barnum, Claude Cr'epeau, Daniel Gottesman, Adam Smith, and Alain Tapp, "Authentication of quantum messages," in Foundations of Computer Science, 2002. Proceedings. The 43rd Annual IEEE Symposium on, 2002, pp. 449--458.
• Jingsha He, "System and method for single sign-on to a plurality of network elements," 5,944,824, Aug. 31, 1999.
• Timothy S Dare, Eric B Ek, and Gary L Luckenbaugh, "Method and system for authenticating users to multiple computer servers via a single sign-on," 5,684,950, Nov. 4, 1997.
• Andreas Pashalidis and Chris J Mitchell, "A taxonomy of single sign-on systems," in Information security and privacy, 2003, pp. 249--264.
• Dennis G Abraham and Richard K Hite, "Method and apparatus for initialization of cryptographic terminal," 5,745,576, Apr. 28, 1998.
• Ted Kremenek, Paul Twohey, Godmar Back, Andrew Ng, and Dawson Engler, "From uncertainty to belief: Inferring the specification within," in Proceedings of the 7th symposium on Operating systems design and implementation, 2006, pp. 161--176.
• Ed Keenan and Adam Steele, "Exploring game architecture best-practices with classic space invaders," in Proceedings of the 1st International Workshop on Games and Software Engineering, 2011, pp. 21--24.
• James Rumbaugh, Ivar Jacobson, and Grady Booch, Unified Modeling Language Reference Manual, The. : Pearson Higher Education, 2004.
• W Rudin, Principles of mathematical analysis, 3rd ed. : McGraw Hill, Inc. , 1976.
• David F Ferraiolo and D Richard Kuhn, "Role-based access controls," arXiv preprint arXiv:0903. 2171, 2009.
• Ravi S Sandhu, Edward J Coyne, Hal L Feinstein, and Charles E Youman, "Role-based access control models," Computer, vol. 29IEEE Computer Society, no. 2, pp. 38--47, 1996.
• Fawaz A and Miege, Alexandre and El Saddik, Abdulmotaleb Alsulaiman, "Threshold-based collaborative access control (T-CAC)," in Collaborative Technologies and Systems, 2007. CTS 2007. International Symposium on, 2007, pp. 46--56.
• Ruo-Fei Han, Hou-Xiang Wang, Qian Xiao, Xiao-Pei Jing, and Hui Li, "A united access control model for systems in collaborative commerce," Journal of Networks, vol. 4, no. 4, pp. 279--289, 2009.
• George A Gratzer, Universal algebra. : Springer Science & Business Media, 2008.
• Andrew Kennedy and Don Syme, "Design and implementation of generics for the. net common language runtime," in ACM SigPlan Notices, 2001, pp. 1--12.
• Steven Roman, Steven M Roman, and Steven M Roman, Advanced linear algebra. : Springer, 2005.
• Tim Berners-Lee, Dan Connolly, and Ralph R Swick, "Web architecture: Describing and exchanging data," WWW-address: http://www. w3. org/1999/04/WebData, 1999.
• Douglas Crockford. (2006, July) Network Working Group Request for Comments. [Online]. https://tools. ietf. org/html/rfc4627
• Whitfield Diffie, Paul C Van Oorschot, and Michael J Wiener, "Authentication and authenticated key exchanges," Designs, Codes and cryptography, vol. 2, no. 2, pp. 107--125, 1992.
• D. Ed. Hardt. (2010, Jan. ) Internet Engineering Task Force. [Online]. https://tools. ietf. org/html/draft-hardt-oauth-01.