The FAME Assets Policy Manager: Unlocking Secure Asset Management

October 31, 2024

In the dynamic world of digital assets, security and accessibility are paramount. The FAME consortium partners are proud to unveil its plans for the extension and enhancement of its innovative solution that revolutionizes asset management within the FAME project: the Assets Policy Manager (APM). Driven by UBITECH, with the invaluable contributions of NRS and INQBIT, the APM sets a new standard for secure asset management, ensuring that the right people have access to the right assets at the right time.

What is the Assets Policy Manager?

At its core, the Assets Policy Manager (APM) acts as the guardian of asset security within the FAME project. This innovative component provides dual functionality, both of which are essential to FAME’s seamless operation:

  • Policy Lifecycle Management: The APM enables FAME users to oversee the entire lifecycle of policies governing the assets they own and manage. Leveraging a Rule-Based Access Control (RBAC) model, the APM combines user and organizational attributes to create nuanced policy rules. As the Policy Decision Point (PDP), it ensures that only authenticated and authorized individuals or organizations can access assets, serving as the central authority for access control enforcement throughout the system.
  • User Asset Overview: The APM offers end-users a comprehensive view of the assets they have access to, whether uploaded by themselves, their organization, or acquired through active contracts. This transparency enhances asset management, empowering users to effortlessly track and manage their asset portfolios.

The Power Behind APM: Technical Specifications

The power of the APM lies in its modular architecture. The first version of the APM is composed of two key modules:

  • Assets Policy Editor: This module allows asset owners to define access policies based on confidentiality levels (Confidential, Public, Restricted). With an intuitive user interface and full REST API support, defining policies is simple and integrates seamlessly with other FAME components.
  • Assets Policy Engine: Acting as the Policy Decision Point (PDP), the Policy Engine determines asset visibility and ownership for users, ensuring access to relevant assets based on defined policies and user attributes. Through its integration with other FAME modules, including the Authentication & Authorization Infrastructure (AAI) and Trading and Monetization (T&M), the Engine guarantees consistent and secure access control.

Driving Innovation, Ensuring Security

The APM was conceived to meet the FAME project’s technical requirements, addressing key objectives outlined in Deliverable D2.1. It fulfills essential needs, such as:

  • Managing and enforcing access and visibility restrictions on assets based on defined criteria.
  • Supporting security policies across different data marketplaces and spaces.
  • Enabling the discovery, acquisition, and local download of assets hosted in various marketplaces and data spaces.

By addressing these core requirements, the APM solidifies its role as a cornerstone of the FAME ecosystem, enabling secure and efficient access management and policy enforcement.

What’s Next: Integration of Dynamic Access Control

Artificial intelligence (AI) and machine learning (ML) services typically require substantial computational resources. FAME, as a federated distributed system, contains a collection of advanced AI/ML microservices that may consume significant amounts of resources. Since federated systems are open-ended due to their autonomy and heterogeneity, there is no inherent control over resource consumption, which is only limited by the performance of the execution platform.

Moving forward in the project, the second and final version of the FAME APM will introduce dynamic access control policies aimed at optimizing the utility of AI/ML services while minimizing energy consumption. These dynamic policies will include rate limiting that adjusts according to fluctuating energy prices, allowing for the prioritization of clients based on subscription plans and the criticality of services provided.

Traditional rate-limiting techniques focus on network traffic parameters. The innovative approach to be developed, integrated and validated through FAME, will limit the rate by the energy consumed by AI/ML services—an essential distinction for controlling energy usage. This innovative solution will prove invaluable in scenarios where energy conservation is paramount.

More info:
UBITECH