These 3 theses realized during the fall semester 2008 advanced the HERAS^AF project in different areas. PDP - PDP Communication Christoph Egger and Patrik Dietschweiler realized this thesis during a Student Research Project during their Bachelor studies. The HERAS^AF PDP Implementation is now capable of loading referenced policies from a remote or the local PDP. The referenceloading is optimized that as few loadings as possible are needed. This is done with two different approaches: All references that point to the local PDP are exchanged with hard object references of the policy objects. Therefore no more referenceloading is needed for local references. For the references that point to a remote PDP there are two different possibilites implemented: Load First: This approach loads all remote references at the beginning of a request evaluation. Load Last: This approach loads a remote references during the evaluation if the particular remote policy is required. Policy Information Point Ylli Sylejmani and Tobias Forster realized this thesis during a Student Research Project during their Bachelor studies. The HERASAF PIP Implementation is cabpable of resolving attributes from different information sources. The implementation is able to handle a heterogenic landscape of attribute-repositories. The pluggable and configurable design allows the implementation of specific connectors to access various attribute-repositories. Two different connectors were implemented: XPath module: This module is capable of extracting attributes from the request context using XPath queries. SQL module: This module is capable of extracting attributes from a repository that is accessible with SQL. Analysis of Access Control Policies Florian Huonder realized this thesis during a Student Research Project during his Master studies. This thesis lays the basis for a methodology that supports e.g. a security officer within a company with creating policies in an easy way. This is done through a case study that is covering the policy analysis. Starting with a policy in its narrative text form it proceeds over identifying and structuring the vocabulary, up to the creation of a Policy Model. This Policy Model represents the policies in a formal way, ready to be transformed into a formal language like XACML. In conjunction with this thesis a new section on the homepage was created. The new research area of and . Code base The changes made to the HERAS^AF code base were done in separate branches during the theses. The newly created PIP is fully merged into the 0.11.1-SNAPSHOT trunk. From the PDP-PDP thesis the preprocessor is also merged into the 0.11.1-SNAPSHOT trunk. The reference loader part is still under review and therefore not yet in the trunk.(http://svn.herasaf.org).