1. Performance Assessment of XACML Authorizations
for Supply Chain Traceability Web Services
Miguel Pardal, Mark Harrison, Sanjay Sarma, José Alves Marques
Técnico Lisboa, University of Cambridge, Massachusetts Institute of Technology
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 1

2. Traceability systems assessment framework
http://trakchain.net
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 2

3. Each individual item takes a unique path...
The data sharing policy must also be unique!
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 3

4. Traceability data security
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 4

5. Data access control
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 5

6. SCAz – Supply Chain Authorization Language
• To express data sharing policies using
- EAC - Access control lists
- CCT – Chain of Communication Tokens
- CTA – Chain of Trust Assertions
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 6

7. Data sharing policy in RDF format
:company0 a cta:Organization .
:company1 a cta:Organization .
:item0 a cta:Identifier .
:record0 a cta:Record .
:policy0 a cta:Policy .
:company0 cta:publishes :record0 .
:record0 cta:about :item0 .
:company0 cta:creates :policy0 .
:policy0 cta:protects :item0 .
:policy0 cta:grantsRead :company0 .
:policy0 cta:grantsRead :company1 .
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 7

8. Data sharing policy in RDF format
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 8

9. Externalized security
• Authentication
- SAML
• Message level (cryptographic) protection
- TLS
- WS-Security
• Authorization
- XACML
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 9

10. eXtensible Access Control Markup Language
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 10

11. XACML request processing
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 11

12. Performance assessment tool
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 12

13. Raw evaluation time with increasing number of policies
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 13

14. XACML evaluation time with increasing number of policies
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 14

15. Raw versus XACML overheads
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 15

16. Contributions
• Data sharing policies
- XACML translation
- Correctness check
- Performance assessment
• Chain-of-Trust implementation
- Using Semantic Web Technologies
- More expressive
• Future work
- Pharma pedigree & recall case study
- Take advantage of added expressivity
• Reciprocal trust
• Downstream trust
•…
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 16

17. Obrigado! Visit http://trakchain.net
Miguel Pardal, Performance Assessment of XACML Authorizations Slide 17