<p>Authorization in its most basic form can be<br />reduced to a simple question: “May a subject X access an object<br />Y?” The attempt to implement an adequate response to this<br />authorization question has produced many access control models<br />and mechanisms. The development of the authorization<br />mechanisms usually employs frameworks, which usually<br />implements one access control model, as a way of reusing larger<br />portions of software. However, some authorization requirements,<br />present on recent applications, have demanded for software<br />systems to be able to handle security policies of multiple access<br />control models. Industry has resolved this problem in a<br />pragmatic way, by using the framework to solve part of the<br />problem, and mingling business and the remaining authorization<br />concerns into the code. The main goal of this paper is to present a<br />comparative analysis between the existing frameworks developed<br />either within the academic and industry environments. This<br />analysis uses a motivating example to present the main industry<br />frameworks and consider the fulfillment of modularity,<br />extensibility and granularity requirements facing its suitability<br />for the existing access control models. This analysis included the<br />Esfinge Guardian framework, which is an open source<br />framework developed by the authors that provides mechanisms<br />that allows its extension to implement and combine different<br />authorization models.</p>
National internal security policies across Europe – a comparative analysis applying big data clustering techniques