Nikolaos Bakatselos, "Design of access control in STELAR knowledge Lake management system", Diploma Work, School of Electrical and Computer Engineering, Technical University of Crete, Chania, Greece, 2025
https://doi.org/10.26233/heallink.tuc.103559
As data ecosystems grow in scale and complexity, ensuring secure and consistent access control becomes a critical challenge, especially in integrated platforms like the STELAR Knowledge Lake Management System (KLMS). Designed for the agri-food sector, STELAR brings together multiple services, including metadata cataloging (CKAN), object storage (MinIO), and workflow management, each with its own access control mechanisms. This diversity can lead to fragmented security policies, redundant, error-prone configurations and administrative overhead. This thesis presents the design and implementation of a centralized, declarative access control framework for STELAR KLMS. The proposed system introduces a YAML-based policy specification language that allows administrators to define fine-grained, role-based access rules in a human-readable and maintainable format. Identity and access management are unified through Keycloak, enabling single sign-on and federated authentication using standards like OAuth 2.0 and OpenID Connect. The access control architecture includes a core policy controller, real-time policy evaluation, and automated reconciliation mechanisms that synchronize permissions across all components. This approach ensures scalable, consistent, and context-aware access control while reducing configuration errors and improving overall platform security. The system has been evaluated in realistic deployment scenarios, demonstrating its effectiveness, performance, and administrative efficiency.