- HERAS-AF
HERASAF (Holistic Enterprise-Ready Application Security Architecture Framework), http://www.herasaf.org, is a university project at the University of Applied Sciences Rapperswil (Switzerland), http://www.hsr.ch, that focuses on making authorization enterprise-ready. This is enabled through the use of an open and technology-independent language called XACML. HERASAF relies mainly on freely available and open-source components.
Holistic approach
* HERASAF supports the whole authorization process.
* Technically, this means that every access to a secured resource is intercepted by distributed agents (PEPs, Policy Enforcement Points) and sent to a PDP (Policy Decision Point) that evaluates the request against the applicable policies. The PEP grants access only if the PDP sends back a positive answer.
* Holistic also means that policy creation by nontechnical personnel is taken into account in the framework design, especially in the PAP (Policy Administration Point).
Enterprise-Ready
* The integration of HERASAF into a company should have a minimal impact on the existing infrastructure.
* HERASAF is designed with a focus on expandability and adaptability. Because the Spring IoC container is used consistently, components can always be exchanged in a simple way, and custom components can easily be integrated into the framework.
* The API of HERASAF can be used to develop firm-specific components. These components simply have to use the extension points of HERASAF. It is, for example, possible to implement a connection to an ERP system that gathers additional information used during evaluation.
* HERASAF uses existing and established standards, so the framework rests on a broad base for upcoming extensions. This increases interoperability and simplifies the integration of HERASAF into existing and upcoming infrastructure.
* The PAP provides business views and language constructs so that a security administrator does not need to understand what a URL or an RFC822Name is. A technical administrator who is familiar with these terms creates templates that hide all technical information. The security administrator only has to enrich the templates with the missing information that the technical administrator cannot know.
Application Security
* Not every application has to protect access to its resources itself. This responsibility can be delegated to HERASAF. The framework provides agents (PEPs) which can be integrated into existing and new applications as interceptors.
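
The interception flow described above (a PEP intercepts the call, a PDP evaluates it, and access is granted only on a positive answer), as an added example that is not HERASAF code and uses none of its API. `PDP`, `pep`, `POLICY` and `read_invoice` are hypothetical names, the policy is constructed sample data, and the combining order is a simplification rather than an XACML combining algorithm; the point shown is that NotApplicable and Indeterminate results are refused just like Deny.

```python
from enum import Enum

# The four XACML decision values.
Decision = Enum("Decision", "PERMIT DENY NOT_APPLICABLE INDETERMINATE")

class PDP:
    """Toy decision point; rules are (target predicate, effect) pairs."""
    def __init__(self, rules):
        self.rules = rules

    def evaluate(self, request):
        seen = set()
        for target, effect in self.rules:
            try:
                if target(request):
                    seen.add(effect)
            except KeyError:  # attribute missing from the request
                seen.add(Decision.INDETERMINATE)
        # Simplified combining (assumption): Deny, then Indeterminate, then Permit.
        for d in (Decision.DENY, Decision.INDETERMINATE, Decision.PERMIT):
            if d in seen:
                return d
        return Decision.NOT_APPLICABLE

def pep(pdp, action, resource):
    """Interceptor: ask the PDP before the protected function runs."""
    def wrap(func):
        def guarded(subject, *args, **kwargs):
            request = {"subject": subject, "action": action, "resource": resource}
            try:
                decision = pdp.evaluate(request)
            except Exception:  # a failing PDP must not open the door
                decision = Decision.INDETERMINATE
            if decision is not Decision.PERMIT:
                raise PermissionError(decision.name)
            return func(subject, *args, **kwargs)
        return guarded
    return wrap

# Constructed sample policy: clerks may read; suspended subjects are denied.
POLICY = PDP([
    (lambda r: r["action"] == "read" and r["subject"]["role"] == "clerk", Decision.PERMIT),
    (lambda r: r["subject"]["suspended"], Decision.DENY),
])

@pep(POLICY, "read", "invoice")
def read_invoice(subject, invoice_id):
    return f"invoice {invoice_id}"
```
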
Interoperability
* HERASAF only uses open standards like XACML, SAML, Web services, etc. for the communication between components. That way the highest possible interoperability with 3rd-party products is guaranteed.
External links
* [http://www.herasaf.org HERAS-AF website]
* [http://www.oasis-open.org/committees/xacml/ OASIS XACML committee website]
Wikimedia Foundation. 2010.