A Prototype for Enforcing Usage Control Policies Based on XACML

نویسندگان

Aliaksandr Lazouski

Fabio Martinelli

Paolo Mori

چکیده

The OASIS XACML standard emerged as a pure declarative language allowing to express access control. Later, it was enriched with the concept of obligations which must be carried out when the access is granted or denied. In our previous work, we presented U-XACML, an extension of XACML that allows to express Usage Control (UCON). In this paper we propose an architecture for the enforcement of U-XACML, a model for retrieving mutable attributes, and a proof-of-concept implementation of the authorization framework based on web-services.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Statistics & Clustering Based Framework for Efficient XACML Policy Evaluation

The adoption of XACML as the standard for specifying access control policies for various applications, especially web services is vastly increasing. A policy evaluation engine can easily become a bottleneck when enforcing large policies. In this paper we propose an adaptive approach for XACML policy optimization. We proposed a clustering technique that categorizes policies and rules within a po...

متن کامل

BP-XACML an Authorisation Policy Language for Business Processes

XACML has become the defacto standard for enterprisewide, policy-based access control. It is a structured, extensible language that can express and enforce complex access control policies. There have been several efforts to extend XACML to support specific authorisation models, such as the OASIS RBAC profile to support Role Based Access Control. A number of proposals for authorisation models th...

متن کامل

A Work ow Reference Monitor for Enforcing Purpose-Based Policies

Purpose is a key concept in privacy policies. Based on the purpose framework developed in our earlier work [11] we present an access control model for a work ow-based information system in which a work ows reference monitor ( WfRM ) enforces purpose-based policies. We use a generic access control policy language and show how it can be connected to the purpose modal logic language ( PML ) to lin...

متن کامل

A Cloud - based Resource and Service Sharing Platform for Computer and Network Security Education

1. Automated Reasoning about Web Access Control Policies via Answer Set Programming Gail-Joon Ahn*, Joohyung Lee*, Hongxin Hu and Yunsong Meng Summary: We introduce a logic-based policy management approach for XACML (eXtensible Access Control Markup Language), which has become the defacto standard for specifying and enforcing access control policies for various applications and services in curr...

متن کامل

A XML Policy-Based Approach for RSVP

This work proposes a XML-based framework for distributing and enforcing RSVP access control policies, for RSVP-aware application servers. Policies are represented by extending XACML, the general purpose access control language proposed by OASIS. Because RSVP is a specific application domain, it is not directly supported by the XACML standard. Hence, this work defines the XACML extensions requir...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره شماره

صفحات -

تاریخ انتشار 2012

A Prototype for Enforcing Usage Control Policies Based on XACML

نویسندگان

چکیده

منابع مشابه

Statistics & Clustering Based Framework for Efficient XACML Policy Evaluation

BP-XACML an Authorisation Policy Language for Business Processes

A Work ow Reference Monitor for Enforcing Purpose-Based Policies

A Cloud - based Resource and Service Sharing Platform for Computer and Network Security Education

A XML Policy-Based Approach for RSVP

عنوان ژورنال:

اشتراک گذاری