Planned intervention: On Wednesday April 3rd 05:30 UTC Zenodo will be unavailable for up to 2-10 minutes to perform a storage cluster upgrade.
Published April 30, 2021 | Version v1
Journal article Open

Designing Information System for Private Network using RBAC, FGAC and Micro service Architecture

  • 1. Research Scholar, Department of Computer Engineering, Shri G. S. Institute of Technology & Science, Indore
  • 2. Associate Professor, Department of Computer Engineering, Shri G. S. Institute of Technology & Science, Indore.
  • 3. Assistant Professor, Department of Computer Engineering, Shri G. S. Institute of Technology & Science, Indore
  • 1. Publisher

Description

Microservice architecture is used in developing enterprise-level applications with the intent to modularise deployment of the application, this happens by creating an application as a collection of var-ious smaller applications known as microservices. An Information system is one such application that is ever-growing and therefore needs an architectural solution that addresses this issue. While microservice architecture addresses this issue by giving low coupling among microservices, future scalability of the system, and convenience in developing, deploying, and integrating new microservices.For all it‘s benefits, microservice architecture complicates the consistent implementation of security policies in this distributed system. Current industry standards are to use protocols that delegate the process of authentication and authorization to a third-party server, e.g. OAuth. Delegating these processes to be handled by the third party is not suitable for some web applications that are deployed in a less resourceful environment, e.g. organization with high internet downtime or an organization with high traffic of non working personnel e.g. people giving exams in college or workshops being held. This paper aims to research proposed solutions, existing frameworks, and technologies to implement security policies in an Information system which can be suitable for the above two scenarios.For this, we use authentication, Role-based access control (RBAC) on every request, and Fine-grained access control (FGAC) on the implementation method level, to achieve greater access control and flex-ibility of adding new microservice without changing whole security policies. We have also proposed a pre-registration condition in our system, which allows only certain people, whose data is already present in the system, to register themselves with the application. We also discuss the scenario where using a protocol like OAuth is not suitable. The solution is based on creating a central single entry point for authentication and implementing an RBAC policy that will filter every request based on access roles that the requesting user has. We further use FGAC on method level in microservices to enforce n even finer restrictions on resources to be accessed based on requirements. This solution will be implemented as apart of the Department Information System (DIS) in the following two-step.

Files

D24740410421.pdf

Files (926.6 kB)

Name Size Download all
md5:53fb463be9c94faea67a0c01c87c2c97
926.6 kB Preview Download

Additional details

Related works

Is cited by
Journal article: 2249-8958 (ISSN)

Subjects

ISSN
2249-8958
Retrieval Number
100.1/ijeat.D24740410421