Martijn Oostdijk

Researcher, Novay

http://www.novay.nl/

Biography

Martijn Oostdijk works as a researcher at Novay. His research focuses on Identity & Trust. Martijn combines a background in hard security with a broad interest in security and digital identity problems. At Novay, Martijn works on projects on federated identity management, the electronic passport, mobile authentication, grid & cloud computing, and context-enhanced authorization. Before joining Novay, Martijn worked as a Security Analyst at security test lab Riscure in Delft and, before that, as an Assistant Professor of Computer Science at Radboud University in Nijmegen. Martijn holds a Ph.D. degree from Eindhoven University of Technology and an M.Sc. degree from Radboud University (both in Computer Science).

Presentation: Context-enhanced Authorization

Context information (location, time, proximity of other users, past behavior of users) can make authorization management more flexible and more secure. Knowing when and where users are, and what they are up to, helps in determining which access rules to apply. There is an increasing need for organizations, especially high-trust organizations in the financial sector, to be more flexible while maintaining the same level of security. The newfound flexibility can be used, for instance, to enable new forms of working in which employees of a bank need to be able to perform high-risk transactions from different locations (home, office, at a customer location, etc.), at different times of the day, and using both privately owned and company-owned devices. The promise of context-enhanced authorization is that, by making the context information explicit in authorization rules, the flexibility increases without reducing security. The widespread introduction of mobile devices makes more and more context information available, and promising technical authorization standards, driven by factors such as cloud computing, are just about ready to make context-enhanced authorization possible.

Context-enhanced authorization forms the topic of a research project in which Novay, together with Rabobank and IBM, aims to identify the opportunities and challenges of using context information to enhance authorization policy management. The project is part of the Service Innovation & ICT (SII) programme. Within the project, context-enhanced authorization for employees in the banking industry is studied by identifying a number of use cases in which context information promises to truly enhance flexibility or security. The project also builds a demonstrator to validate the technical feasibility of context-enhanced authorization given today’s state-of-the-art authorization technologies. The current generation of Identity & Access Management suites enables individual applications to externalize their authorization decision logic. An upcoming standard making this possible is XACML. This technology promises to be an important component of the solution, though technical challenges may need to be tackled first before these systems can process real-time context information.

This talk introduces the concepts, examples, relevant technologies and standards. The opportunities and some of the challenges ahead will be discussed, and solution directions to address those challenges will be proposed.
