An extensible and decoupled architectural model for authorization frameworks

Abstract

Existing access control frameworks fall short on offering comprehensive and general solutions in application development, often limited to role-based access control policies. This leads developers to craft solutions when it is necessary to implement complex access control policies, causing tangling of business and authorization concerns. In this context, framework extensibility and technology independence are also important to enable its adaptation to a wide range of applications. In order to widen the scope of authorization solutions, this research proposes an architectural model for frameworks, extensible to various access control models. The Esfinge Guardian framework, an implementation of the architectural model, is presented, with usage scenarios and a brief tutorial. Finally, a comparative analysis is presented between Esfinge Guardian and the main authorization framework providers, showing that the Esfinge Guardian is indeed more extensible and decoupled than the compared solutions. © 2013 Springer-Verlag Berlin Heidelberg.