Extended Authorization Policy for Graph-Structured Data

Abstract The high increase in the use of graph databases also for business- and privacy-critical applications demands a sophisticated, flexible, fine-grained authorization access control (AC) approach. Attribute-based (ABAC) supports definition rules policies. Attributes can be associated with subject, requested resource action, but environment. Thus, this is promising starting point. However, specific characteristics graph-structured data, such as attributes on vertices edges along path from given subject to accessed, are not yet considered. well-established eXtensible Access Control Markup Language (XACML), which defines declarative language fine-grained, attribute-based policies, basis our proposed approach—XACML Graph-structured data (XACML4G). additional path-specific constraints, described patterns, demand specialized processing policies well adapted enforcement decision-making process. To demonstrate XACML4G its process, we present scenario university domain. Due project’s environment, prototype built multi-model database ArangoDB. Finally, compliance quality standards systems administration assessed. results further studies concerning performance practice planned.