What is SAFAX?
SAFAX offers authorization as a flexible and extensible service. SAFAX is a novel XACML-based architectural framework tailored to the development of extensible authorization services for distributed and collaborative systems. The key design principle underlying SAFAX is that all components are loosely coupled services, thus providing the flexibility, extensibility and scalability needed to manage authorizations in complex environments.
SAFAX Vision
Cloud storage services have become increasingly popular in recent years. Users are often registered to multiple cloud storage services that suit different needs. However, data sharing is often implemented in an ad-hoc manner.
SAFAX provides a single point for users to deploy and manage their policies irrespective of where the data is actually stored. This provides significant benefits in cloud scenarios and in collaborative environments, where consumers need to share their data to other individuals in a secure manner.
Moreover, SAFAX decouples UDFs from the PDP and implement them as external, but pluggable services. This pluggable architecture allows SAFAX to be extensible in order to serve access requests that require complex processing in a scalable manner as well as consuming information from external sources.
To keep being up to date with SAFAX news, subscribe to the SAFAX mailing list.
TU/e - Security Group