SANY Sensors Anywhere

As an open architecture, SensorSA does not specify what any particular sensor or service does to protect itself. What the SensorSA does include, are security provisions to control access to services that are considered part of the SensorSA. The focus of the Security Framework is on access control. In a nutshell, access to a particular service is controlled in accordance with a policy specified for that service.

SensorSA security framework uses the SAML tickets to define Identities (individual users), Roles (attributes of Identities, indicating their function - e.g. "administrator" role), and Groups (sets of Identities). The Access Control Policies are specified using (Geo)XACML XML dialect.

The SensorSA Security Framework provides the software components that manage policies and identities, and enforce the policy rules. This includes:

• The Identity Management & Authentication Service is responsible for the management of identities, their authentication, and the management of credentials and issuing of sessions. An instance of the Identity Management and Authentication Service acts as both authentication provider and identity provider. The service supports the management of groups (of identities) as a special kind of identity.
  
• The Policy Management and Authorisation Service supports the management of policies, acting as policy administration point by allowing the management (select, create, update, delete) of (Geo)XACML policies,
  as well as policy information point. Moreover, as an instance of the authorisation service interface it acts as policy decision point by providing a decision on whether some identity (e.g. a user or a service) is authorised to access a certain resource.

• The Policy Enforcement Service handles the necessary interaction (authentication and authorisation) to obtain the required access control decision and is independent of the controlled service (generic).
  
• The Service Proxy mimics the controlled service and delegates the service request to the Policy Enforcement Service.
  
• In addition to the services supporting the Service Access Control Pattern the Profile Management Service manages profiles and their relations to identities.

SensorSA security framework is published under GPL, and can be downloaded from the "Downloads" section of the SANY-IP web site.