An Access Control Service for Dynamic and Hierarchical Resources: Declarative Model and Implementation on Top of XACML
نویسندگان
چکیده
The increasing complexity of (distributed) information systems requires new solutions for dealing with access control problems. In particular, information systems are based on a large number of resources, with very complex structure, that must be accessed by a large variety of users. Traditional and instance based solutions are not adequate. In this paper, we propose a new approach to the problem. First of all, we define an access control model which is declarative, modular, hierarchical and instance independent, so that it is suitable for highly dynamic contexts. Then, we reports about the implementation of a Profile Service, which effectively exploits the XACML technology to simplify and shorten the development.
منابع مشابه
An automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملA combination of semantic and attribute-based access control model for virtual organizations
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex ...
متن کاملExtending Role Based Access Control Model for Distributed Multidomain Applications
This paper presents the results related to the development of a flexible domain-based access control infrastructure for distributed Grid-based Collaborative Environments and Complex Resource Provisioning. The paper proposes extensions to the classical RBAC model to address typical problems and requirements in the distributed hierarchical resource management such as: hierarchical resources polic...
متن کاملEnforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
متن کاملA context-sensitive dynamic role-based access control model for pervasive computing environments
Resources and services are accessible in pervasive computing environments from anywhere and at any time. Also, due to ever-changing nature of such environments, the identity of users is unknown. However, users must be able to access the required resources based on their contexts. These and other similar complexities necessitate dynamic and context-aware access control models for such environmen...
متن کامل