Toward Authorization as a Service: A Study of the XACML Standard

Abstract

Cloud computing has promoted the notion of service as the leading way to deliver and consume computing resources. Today, security is going down that road and the term security as a service is emerging. Authorization that consists in managing permissions is one of the main classic security services. We propose in this article to study how authorization could be delivered/consumed as a Service. We focus on the XACML standard that has been adopted by the cloud security community because of its native flexibility and adaptability properties. Although XACML seems to fulfill the requirements of authorization as a Service in theory, it is very complex to realize it in practice. We propose a service oriented component architecture together with the concept self-contained policy to cope with this issue. This approach allows both the cloud consumers to adapt the authorization system to their authorization policies and the cloud providers to minimize the cost of providing a flexible authorization service.