Modern Standard-based Access Control in Network Services: XACML in action
نویسندگان
چکیده
Access control in distributed systems is a complex problem that can be tackled in several ways. The XACML standard provides a possible solution, with several benefits and some drawbacks. In this paper we investigate the concepts behind distributed access control, review the XACML standard, and provide practical suggestions about the components to be used in building a XACML-based distributed access control system.
منابع مشابه
A Cloud - based Resource and Service Sharing Platform for Computer and Network Security Education
1. Automated Reasoning about Web Access Control Policies via Answer Set Programming Gail-Joon Ahn*, Joohyung Lee*, Hongxin Hu and Yunsong Meng Summary: We introduce a logic-based policy management approach for XACML (eXtensible Access Control Markup Language), which has become the defacto standard for specifying and enforcing access control policies for various applications and services in curr...
متن کاملZugriffskontrolle in serviceorientierten Architekturen am Beispiel von Geodateninfrastrukturen
The central components of spatial data infrastructures (SDIs) are Geo Web Services. These services provide functionalities that allow distributed users to use and manage spatial data. Various business rules, legal restrictions and commercial interests require the deployment of access control systems in SDIs. These systems must ensure that only authorized interactions between users and services ...
متن کاملWhy We Should Take a Second Look at Access Control in Unix
Unix is an operating system that began development almost 40 years ago. It has a very simple mechanism for controlling access to protected resources based on the owner-group-world model. This simple model has not attracted much interest from the access control community. In this paper we argue that the Unix access control mechanism has some interesting features of relevance to modern authorizat...
متن کاملReasoning about XACML Policy Descriptions in Answer Set Programming (Preliminary Report)
The advent of emerging technologies such as Web services, service-oriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized services while providing more convenient services to Internet users through such a cuttingedge technological growth. Furthermore, desig...
متن کاملOffline Expansion of XACML Policies
In the last few years XML-based access control languages like XACML have been increasingly used for specifying complex policies regulating access to network resources. Today, growing interest in Semantic-Web style metadata for describing resources and users is stimulating research on how to express access control policies based on advanced descriptions rather than on single attributes. In this ...
متن کامل