Subject: Using XML and XACML to Support Attribute Based Delegation
Perhaps of interest to this TC:

"Using XML and XACML to Support Attribute Based Delegation." Chunxiao Ye and Zhongfu Wu (College of Computer Science, Chongqing University 400044, China). Pages 751-756 in The Fifth International Conference on Computer and Information Technology (CIT 2005). Published September 2005.

"This paper proposes an Attribute-Based-Delegation-Model (ABDM) with an extended delegation condition consisting of both delegation attribute expression (DAE) and prerequisite condition. In ABDM, a delegatee must satisfy delegation condition (especially DAE) when assigned to a delegation role. With delegation condition, ABDM relieves delegator and security administrator of security management work in delegation. To implement ABDM, we use XML to describe user, permission, role, delegation constraint, prerequisite condition and user's attribute expression, and XACML to describe DAEs of permissions and roles respectively. Also, we propose an extended data-flow model based on XML and XACML to show how ABDM works...

Bhatti ['XML-Based Specification for Web-Services Document Security'] proposes an XML-based RBAC language for document security in XML-based web services. In James/Joshi ['Access-Control Language for Multidomain Environments'], XML is used as an access control language for RBAC in a multidomain environment. Toktar ['RSVP Policy Control using XACML'] uses XACML to model and distribute RSVP access control policies for RSVP-aware application servers. To implement ABDM, we use XML and XACML as a UAE, CR and delegation constraints, and a DAE of permission, role and temporary delegation role definition language respectively. Additional, we also save delegation results and other access control data in XML repository...

As a delegation model based on permission and user's attribute, the main feature of ABDM is that it uses user and permission attribute expression as a part of delegation condition. ABDM is a securer delegation model for it can restrict delegatees strictly. In our model, XML and XACML are used to describe UAE, DAE, delegation constraint and other access control data. We also propose a data-flow model and its operation steps to show how our ABDM model works. We believe specify and enforce more delegation constraints with XACML is an interesting topic for future study."

http://xml.coverpages.org/xacml.html#yecxDelegation
http://doi.ieeecomputersociety.org/10.1109/CIT.2005.196

- Robin Cover