Offline Expansion of XACML Policies
نویسندگان
چکیده
In the last few years XML-based access control languages like XACML have been increasingly used for specifying complex policies regulating access to network resources. Today, growing interest in Semantic-Web style metadata for describing resources and users is stimulating research on how to express access control policies based on advanced descriptions rather than on single attributes. In this paper, we discuss how standard XACML policies can handle ontology-based resource and subject descriptions based on the standard P3P base data schema. We show that XACML conditions can be transparently expanded according to ontology-based models representing semantics. Our expansion technique greatly reduces the need for online reasoning, and decreases the system administrator’s effort for producing consistent rules when users’ descriptions comprise multiple credential with redundant attributes.
منابع مشابه
Offline Expansion of XACML Policies Based on P3P Metadata
In the last few years XML-based access control languages like XACML have been increasingly used for specifying complex policies regulating access to network resources. Today, growing interest in semanticWeb style metadata for describing resources and users is stimulating research on how to express access control policies based on advanced descriptions rather than on single attributes. In this p...
متن کاملDetecting Incompleteness, Conflicting and Unreachability XACML Policies using Answer Set Programming
Recently, XACML is a popular access control policy language that is used widely in many applications. Policies in XACML are built based on many components over distributed resources. Due to the expressiveness of XACML, it is not trivial for policy administrators to understand the overall effect and consequences of XACML policies they have written. In this paper we show a mechanism and a tool ho...
متن کاملEnhancing Database Access Control with XACML Policy
XACML is apparently the most convenient way to express attribute-based access control policies. Though XACML has been used in several access control areas, processing XACML policies for attribute-based database access control still has not been studied in depth. In this work we compile XACML policies, and utilize the underlying database access mechanisms such as ACLs to protect sensitive data. ...
متن کاملAutomated Verification of XACML Policies Using a SAT Solver
Web-based software systems are increasingly used for accessing and manipulating sensitive information. Managing access control policies in such systems can be challenging and error-prone, especially when multiple access policies are combined to form new policies, possibly introducing unintended consequences. In this paper, we present a framework for automated verification of access control poli...
متن کاملAutomated Reasoning about XACML 3.0 Delegation Using Answer Set Programming
XACML is an XML-based declarative access control language standardized by OASIS. Its latest version 3.0 has several new features including the concept of delegation for decentralized administration of access control. Though it is important to avoid unintended consequences of ill-designed policies, delegation makes formal analysis of XACML policies highly complicated. In this paper, we present a...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2005