MACOW Ξ Mandatory Access Control on Open Worlds
Architecture
The architecture provided on MACOW can be depicted on the following figure.
As is shown in the figure, PEP entities are in charge of provide knowledge and current
state of the different controlled elements on the information system. PEP elements send
knowledge over a publication/subscription platform by means of the Event Manager communication
broker.
PIP entity acts as a knowledge repository collecting current states of all controlled elements on
the information system. Thus, PIP contains knowledge provided from all PEPs updated.
Morever, PEP entities are also in charge of enforcing PDP access control decisions. Then, when a user
is trying to access to a controlled elements, PEP sent a request to PDP entity. Then, PDP retrieves
current system state form PIP and applies semantic rules which determine MACOW behaviour. As a result,
PDP provides whether the access attempt has been authored or not. Then, PEP block or authorized the access
to managed element according to this PDP statement.
Notice that PDP enables to retrieve knowledge from different administrative domains when collaborative
scenarios are stablished such as coalition and federation scenarios. This knowledge will be alligned on
the local domain by means of the alligment features provided on OWL and will be used to share knowledge among
different administrative domains.