XML-Based Distributed Access Control System
نویسندگان
چکیده
The use of attribute certificates and the concept of mobile policies have been proposed to overcome some of the limitations of the role based access control (RBAC) paradigm and to implement security requirements such as the “originator controlled” (ORCON) policy. Mobile policies are attached to the data that they control and enforced by their execution in trusted servers. In this paper we extend this idea to allow the execution of the policies in untrusted systems. Our extension allows that policies are bound to the data but not attached to it. By this modification security administrators are able to change policies dynamically and transparently. Additionally, we introduce X-ACS, an XML-based language designed to express policies in a simple and unambiguous way overcoming the limitations of other approaches. Important features of X-ACS are that it can be used by processors with limited capabilities such as smart cards while allowing the automated validation of policies.
منابع مشابه
XML-Based Revocation and Delegation in a Distributed Environment
The rapid increase on the circulation of data over the web has highlighted the need for distributed storage of Internet-accessible information due to the rapid increase on the circulation of data over the web. Thus, access control mechanisms should also be distributed in order to protect them effectively. A recent idea in the access control theory is the delegation and revocation of rights, i.e...
متن کاملAccess Control Infrastructure for Digital Objects
Distributed systems usually contain objects with heterogeneous security requirements that pose important challenges on the underlying security mechanisms and especially in access control systems. Access control in distributed systems often relies on centralized security administration. Existing solutions for distributed access control do not provide the flexibility and manageability required. T...
متن کاملSecuring XML Documents with Author-X
This Java-based access-control system supports secure XML document administration at varying levels of granularity. T he widespread adoption of XML for Web-based information exchange is laying a foundation for flexible granularity in information retrieval. XML can " tag " semantic elements, which can then be directly and independently retrieved through XML query languages. Further, XML can defi...
متن کاملXml Access Control in Native and Rdbms - Supported Xml Databases
As the eXtensible Markup Language (XML) has emerged as the de facto standard for storing and exchanging information in the Internet Age, the needs for efficient yet secure access of XML data naturally arise. It becomes increasingly important to be able to tailor information in XML data for various users and applications, while preserving confidentiality. In this dissertation, we ask how fine-gr...
متن کاملA Secure Mediator for Integrating Multiple Level Access Control Policies
We present a method for mapping security levels among the components of a distributed system where data in the local sources are represented in XML. Distributed data is integrated using a semantic-based approach that maps each XML schema into an RDF schema and subsequently integrates those schemas into a global RDF schema using a global as view (GAV) approach. We transform the security levels d...
متن کاملXML-Based Access Control Languages
One of the most challenging problems in managing large, distributed, and heterogeneous networked systems is specifying and enforcing security policies regulating interactions between parties and access to services and resources. Recent proposals for specifying and exchanging access control policies adopt XML-based languages. XML appears in fact a natural choice as the basis for the common secur...
متن کامل