OASIS Mailing List Archives

xacml message



Subject: Using XML and XACML to Support Attribute Based Delegation



Perhaps of interest to this TC:

"Using XML and XACML to Support Attribute Based Delegation."

Chunxiao Ye and Zhongfu Wu (College of Computer Science,
Chongqing University 400044, China). Pages 751-756 in
The Fifth International Conference on Computer and Information
Technology (CIT 2005).  Published September 2005.

"This paper proposes an Attribute-Based-Delegation-Model (ABDM)
with an extended delegation condition consisting of both
delegation attribute expression (DAE) and prerequisite condition.
In ABDM, a delegatee must satisfy delegation condition
(especially DAE) when assigned to a delegation role. With
delegation condition, ABDM relieves delegator and security
administrator of security management work in delegation. To
implement ABDM, we use XML to describe user, permission, role,
delegation constraint, prerequisite condition and user's attribute
expression, and XACML to describe DAEs of permissions and roles
respectively. Also, we propose an extended data-flow model
based on XML and XACML to show how ABDM works... Bhatti
['XML-Based Specification for Web-Services Document Security']
proposes an XML-based RBAC language for document security in
XML-based web services. In James/Joshi ['Access-Control Language
for Multidomain Environments'], XML is used as an access control
language for RBAC in a multidomain environment. Toktar ['RSVP
Policy Control using XACML'] uses XACML to model and distribute
RSVP access control policies for RSVP-aware application servers.
To implement ABDM, we use XML and XACML as a UAE, CR and
delegation constraints, and a DAE of permission, role and
temporary delegation role definition language respectively.
Additional, we also save delegation results and other access
control data in XML repository... As a delegation model based
on permission and user's attribute, the main feature of ABDM is
that it uses user and permission attribute expression as a part
of delegation condition. ABDM is a securer delegation model for
it can restrict delegatees strictly. In our model, XML and XACML
are used to describe UAE, DAE, delegation constraint and other
access control data. We also propose a data-flow model and its
operation steps to show how our ABDM model works. We believe
specify and enforce more delegation constraints with XACML is
an interesting topic for future study.."

http://xml.coverpages.org/xacml.html#yecxDelegation
http://doi.ieeecomputersociety.org/10.1109/CIT.2005.196

- Robin Cover


