Managing the lifecycle of XACML delegation policies in federated environments
Abstract
This paper presents an infrastructure that enables the effective use of administrative delegation, reducing the complexity of policy management for some specific scenarios. This infrastructure is in charge of managing the policies of the system during its lifecycle, for example when they are created by the users or when they are collected to make an authorization decision. The proposal makes use of a robust and extensible language, XACML, to express the authorization policies. However, as we will see, the management infrastructure has been designed in a way that facilitates the task of the different users involved, assuming that those users do not have to be security experts or XACML-aware.
Similar resources
Automated Reasoning about XACML 3.0 Delegation Using Answer Set Programming
XACML is an XML-based declarative access control language standardized by OASIS. Its latest version 3.0 has several new features including the concept of delegation for decentralized administration of access control. Though it is important to avoid unintended consequences of ill-designed policies, delegation makes formal analysis of XACML policies highly complicated. In this paper, we present a...
Context Dependent Revocation in Delegated XACML
The XACML standard defines an XML based language for defining access control policies and a related processing model. Recent work aims to add delegation to XACML in order to express the right to administrate XACML policies within XACML itself. The delegation profile draft explains how to validate the right to issue a policy, but there are no provisions for removing a policy. This paper proposes...
A Safe Delegation Method for Web Services in Pervasive Computing Environments
Web Services are the new building block of today’s Internet, and provide interoperability among heterogeneous distributed systems. In this environment, security is one of the most critical issues. An attacker may expose user privacy and service information without authentication. Furthermore, in the pervasive computing environment, the users of web services must temporarily delegate some or al...
Cloud-based Identity and Access Control for Diagnostic Imaging Systems
The evolution of cloud computing is driving the next generation of diagnostic imaging (DI) systems. Migrating DI systems to a cloud platform is cost-effective and improves the quality of DI services. However, a major challenge is managing the identity of various participants (users, devices, applications) and ensuring that all service providers offer equivalent access control in the cloud ecosystem. ...
Ontology-Based Delegation of Access Control: An Enhancement to the XACML Delegation Profile
Delegation of access control (i.e. transferring access rights on a resource to another tenant) is crucial to efficiently decentralize the access control management in large and dynamic scenarios. Most of the delegation methods available in the literature are based on the RBAC or ABAC models. However, their applicability can be hampered by: i) the effort required to manage and enforce multiple r...
Publication date: 2008