Performance Assessment of XACML Authorizations for Supply Chain Traceability Web Services

Miguel Pardal, Performance Assessment of XACML Authorizations

Slide 1

Performance Assessment of XACML Authorizations

for Supply Chain Traceability Web Services

Miguel Pardal, Mark Harrison, Sanjay Sarma, José Alves Marques

Técnico Lisboa, University of Cambridge, Massachusetts Institute of Technology


Traceability systems assessment framework

Slide 2

http://trakchain.net


Each individual item takes a unique path...

Slide 3

The data sharing policy must also be unique!


Traceability data security

Slide 4


Data access control

Slide 5


SCAz – Supply Chain Authorization Language

• To express data sharing policies using - EAC - Access control lists

- CCT – Chain of Communication Tokens

- CTA – Chain of Trust Assertions

Slide 6


Data sharing policy in RDF format

:company0 a cta:Organization .

:company1 a cta:Organization .

:item0 a cta:Identifier .

:record0 a cta:Record .

:policy0 a cta:Policy .

:company0 cta:publishes :record0 .

:record0 cta:about :item0 .

:company0 cta:creates :policy0 .

:policy0 cta:protects :item0 .

:policy0 cta:grantsRead :company0 .

:policy0 cta:grantsRead :company1 .

Slide 7


Slide 8

Data sharing policy in RDF format


Externalized security

•Authentication

- SAML

•Message level (cryptographic) protection

- TLS

- WS-Security

•Authorization

- XACML

Slide 9


eXtensible Access Control Markup Language

Slide 10


XACML request processing

Slide 11


Performance assessment tool

Slide 12


Raw evaluation time with increasing number of policies

Slide 13


XACML evaluation time with increasing number of policies

Slide 14


Raw versus XACML overheads

Slide 15


Contributions

• Data sharing policies - XACML translation

- Correctness check

- Performance assessment

• Chain-of-Trust implementation - Using Semantic Web Technologies

- More expressive

• Future work - Pharma pedigree & recall case study

- Take advantage of added expressivity • Reciprocal trust

• Downstream trust

• …

Slide 16


Visit http://trakchain.net

Slide 17

Obrigado!