A Scalable Permission Management System With Support of Conditional and Customized Attributes
This work addresses the need for more adaptable permission management systems in businesses handling multiple identities and devices, though it appears incremental relative to existing ABAC models like AWS IAM.
The paper tackles the problem of flexible attribute-based access control (ABAC) by introducing a string-based resource naming strategy that supports customized and conditional permissions, making the system scalable, secure, efficient, flexible, and customizable.
Along with the classical problem of managing multiple identities, actions, devices, APIs, etc. in different businesses, there has been an escalating need for flexible attribute-based access control (ABAC) mechanisms. To fill this gap, several variations of the ABAC model have been proposed, such as Amazon's AWS IAM, which uses JSON as its underlying storage data structure and adds policies/constraints as fields over the regular ABAC. However, these systems still do not provide the capability to have customized permissions and to perform various operations (such as comparison/aggregation) on them. In this paper, we introduce a string-based resource naming strategy that supports customized and conditional permissions for resource access. Further, we propose the basic architecture of our system which, along with our naming scheme, makes the system scalable, secure, efficient, flexible and customizable. Finally, we present the proof of concept for our algorithm as well as the experimental setup and the future trajectory for this work.