PERMIS (PrivilEge and Role Management Infrastructure Standards) is a sophisticated policy-based authorisation system that implements an enhanced version of the U.S. National Institute of Standards and Technology (NIST) standard Role-Based Access Control (RBAC) model. PERMIS supports the distributed assignment of both roles and attributes to users by multiple distributed attribute authorities, unlike the NIST model which assumes the centralised assignment of roles to users. PERMIS provides a cryptographically secure privilege management infrastructure (PMI) using public key encryption technologies and X.509 Attribute certificates to maintain users' attributes. PERMIS does not provide any authentication mechanism, but leaves it up to the application to determine what to use. PERMIS's strength comes from its ability to be integrated into virtually any application and any authentication scheme like Shibboleth (Internet2), Kerberos, username/passwords, Grid proxy certificates and Public Key Infrastructure (PKI).
As a standard RBAC system, PERMIS's main entities are an authorisation policy, a set of users, a set of administrators (attribute authorities) who assign roles/attributes to users, a set of resources that are to be protected, a set of actions on resources, a set of access control rules, and optional obligations and constraints. The PERMIS policy is eXtensible Markup Language (XML)-based and has rules for user-role assignments and role-privilege assignments, the latter containing optional obligations that are returned to the application when a user is granted access to a resource. A PERMIS policy can be stored as either a simple text XML file, or as an attribute within a signed X.509 attribute certificate to provide integrity protection and tampering detection. User roles and attributes may be held in secure signed X.509 attributes certificates, and stored in Lightweight Directory Access Protocol (LDAP) directories or Web-based Distributed Authoring and Versioning (WebDAV) repositories, or they may be created on demand as Security Assertion Markup Language (SAML) attribute assertions.
The PERMIS authorisation engine comprises two components: a Credential Validation Service that validates users' roles according to the user-role assignment rules, and the Policy Decision Point (PDP) that evaluates users' access requests according to the role-permission assignment rules (or access control rules). Access to a resource depends upon the roles/attributes assigned to the user, and the role-permission assignments, which can contain constraints based on the user's access request (e.g. "print less than 10 pages") and the environment (e.g. time of day). PERMIS can work in either push mode (the user attribute assignments are sent to PERMIS by the application) or in pull mode (PERMIS fetches the attribute assignments itself from LDAP/WebDAV repositories or SAML attribute authorities). PERMIS is an open source project and the Java source code can be downloaded from http://www.openpermis.org. Alternatively, precompiled Java libraries can be downloaded from http://sec.cs.kent.ac.uk/permis/.
PERMIS is unique with its support for cryptographically protecting the user attributes/roles and the policy, which guarantees their integrity and protects them from being tampered with. New features are continually being added to it, like a standard eXtensible Access Control Markup Language (XACML) interface which allows PERMIS and XACML PDPs to be seamlessly interchanged, the ability to accept SAML attribute assertions, support for dynamic delegation of authority and separation of duty policies, and the recent addition of a controlled natural language interface (in English) for writing simple PERMIS policies.