Impact Factor
7.883
Call For Paper
Volume: 12 Issue 06 June 2026
Download Paper Format
Copyright Form
LICENSE
Under License of
Creative Commons Attribution-NonCommercial 4.0 International LicensPg-taf: Policy Governed Tool Access Framework
-
Author(s):
Sahana P S | Shobika S A | V. Karpagam
-
Keywords:
Policy Enforcement, Access Control, API Governance, Enterprise Security, Multi-Tenant Systems, Secret Management, Gateway Architecture, Auditability
-
Abstract:
Modern Enterprises Rely On A Growing Number Of Internal Tools, APIs, And Automated Agents To Perform Critical Operations. However, Direct Tool Access Models Often Result In Fragmented Authorization Logic, Embedded Credentials, Poor Auditability, And Limited Governance. These Challenges Increase Security Risks And Operational Complexity, Particularly In Multi-tenant Environments [10]. This Paper Presents The Policy Governed Tool Access Framework (PG-TAF), A Centralized Control Framework Designed To Enforce Secure, Policy-driven Access To Tools And APIs. PG-TAF Introduces A Gateway-based Architecture Where All Tool Requests Are Evaluated Against Configurable Authorization Policies Before Execution [8]. The Framework Integrates Identity Management, Role-based And Attribute-based Access Control (RBAC And ABAC) [1], [3], Centralized Secret Handling With Runtime Injection [9], Lifecycle Enforcement, And Immutable Audit Logging. Unlike Traditional Direct-access Systems, PG-TAF Enables Instant Secret Rotation Without Client-side Updates And Provides Explainable Policy Decisions With Organizational And Workspace-level Precedence Rules. The System Follows A Microservices Architecture To Ensure Separation Of Concerns, Scalability, And Tenant Isolation [7]. A Controlled Evaluation Is Conducted To Analyze Authorization Latency Overhead, Operational Efficiency In Secret Rotation, And Policy Enforcement Correctness Across Multiple Scenarios. Results Demonstrate That PG-TAF Introduces Predictable And Bounded Performance Overhead While Significantly Improving Governance, Auditability, And Operational Security. The Proposed Framework Provides A Practical Foundation For Enterprise-grade Tool Orchestration And Secure API Governance In Modern Distributed Environments.
Other Details
-
Paper id:
IJSARTV12I4104962
-
Published in:
Volume: 12 Issue: 4 April 2026
-
Publication Date:
2026-04-10
Download Article