Federated Authorization for Managed Data Sharing: Experiences from the ImPACT Project

Conference Paper

This paper presents the rationale and design of the trust plane for ImPACT, a federated platform for managed sharing of restricted data. Key elements of the architecture include Web-based notaries for credential establishment based on declarative templates for Data Usage Agreements, a federated authorization pipeline, integration of popular services for identity management, and programmable policy based on a logical trust model with a repository of linked certificates. We show how these elements of the trust plane work in concert, and set the ideas in context with principles of federated authorization. A focus and contribution of the paper is to explore limitations of the resulting architecture and tensions among competing design goals. We also point the way toward future extensions, including policy-checked data access from cloud-hosted data enclaves with enhanced defenses against data leakage and exfiltration.

Full Text

Duke Authors

Cited Authors

  • Chase, JS; Baldin, I

Published Date

  • July 1, 2021

Published In

Volume / Issue

  • 2021-July /

International Standard Serial Number (ISSN)

  • 1095-2055

International Standard Book Number 13 (ISBN-13)

  • 9780738113302

Digital Object Identifier (DOI)

  • 10.1109/ICCCN52240.2021.9522208

Citation Source

  • Scopus