XeNA: an access negotiation framework using XACML
نویسندگان
چکیده
XeNA is a new model for the negotiation of access within an extended eXtensible Access Control Markup Language (XACML) architecture. We bring together trust management through a negotiation process and access control management within the same architecture. The negotiation process based on resource classification methodology occurs before the access control management. A negotiation module at the core of this negotiation process is in charge of collecting resources required to establish a level of trust and to insure a successful evaluation of access. The access control management is based on an extended RoleBased Access Control (RBAC) profile of XACML. This extended profile responds to advanced access control requirements and allows the expression of several access control models within XACML.
منابع مشابه
Access Negotiation within XACML Architecture
Web services offer a possibility of exchanging data between entities from different organizational bounderies. Keeping sensitive resources private in a public world is a common concern of service providers. Thus, there is a need for access control management at the level of the web services in addition to a prior negotiation of access. This negotiation is the first step in the access control ma...
متن کاملInteroperable Access Control Policies: A XACML and RIF Demonstration
eXtensible Access Control Markup Language (XACML), an OASIS standard language for the specification of access control rules, has been widely deployed in many Web-based systems. However, many domains still use their custom solutions to manage authorizations. This makes collaboration between and integration over applications and domains using disparate policy language difficult and requires prior...
متن کاملA Logic-Based Framework for Web Access Control Policies
Title of dissertation: A LOGIC-BASED FRAMEWORK FOR WEB ACCESS CONTROL POLICIES Vladimir Kolovski, Doctor of Philosophy, 2008 Dissertation directed by: Professor James Hendler Department of Computer Science With the widespread use of web services, there is a need for adequate security and privacy support to protect the sensitive information these services could provide. As a result, there has be...
متن کاملAn Implementation of a Privacy Enforcement Scheme based on the Java Security Framework using XACML Policies
In this paper we discuss implementation issues of a distributed privacy enforcement scheme to support Owner-Retained Access Control for digital data repositories. Our approach is based on the Java Security Framework. In order to achieve policy enforcement dependent on the accessed data object, we had to implement our own class loader that supports instance-level policy assignment. Access polici...
متن کاملExtending XACML to support Credential Based Hybrid Access Control
Various research efforts are in progress to enforce credential based access control using XACML standard. The current standard of XACML supports attribute based access control [4,5,9,19]. While XACML accepts certified attributes through digital certificates, it does not support credential based access control in which the access conditions are defined not only in terms of credential attributes ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Annales des Télécommunications
دوره 64 شماره
صفحات -
تاریخ انتشار 2009