What is the CHARON Framework?

CHARON is a general, open source and free framework for Service Access Control (SAC) in service networks, based on a well known architectural access control pattern. It consists of an access control architecture, service specifications and an implementation of services and tools to support SAC.

All outcome has been produced as a contribution to the SANY project so far and as part of the SANY project, we have derived requirements of an SAC solution from a number of practical use cases ( SANY 2008). These requirements state that an SAC Architecture needs to be:

  • Flexible: The SAC is applicable for arbitrary services in a large variety of use cases
  • Non-intrusive:
    • Service interfaces, implementations and messages may remain as they are
    • Service Messages need not be changed by SAC
    • Unsecured clients and services can communicate with secured counterparts
  • Scalable: An arbitrary number of SAC services can control an arbitrary number of protected services, for management, performance or organisational reasons
  • Standards based:
    • To provide a maximum of interoperability
    • To be able to use existing security building blocks
  • Extensible:
    • To be able to incorporate additional security measures (like integrity, encryption)
    • To be able to fulfil use case specific requirements (e.g. spatially restricted access)