Subject: [xacml] XML Access Control Policy Example
This is the XML Access Control Policy Example based on the XACML RequestContext proposal. I follow the style that Anne used:

- Access request description in English
- XACML Context specification of the above
- Sample J2SE policy in English
- XACML policy specification of the above (not exact one, simplified description is enough)
- How XACML policy specification refers to each attribute in XACML Context
- Desirable final decision
- ...

EXAMPLE ACCESS REQUEST DESCRIPTION IN ENGLISH

Read access has been requested for the element "record/patient/patientDoB" of the XML instance "//medico.com/med.xml" whose schema is defined as "medico.com/records.xsd".

The user executing the thread from which the access request was generated was authenticated as

  o NameIdentifier is "Julius Hibbert", NameQualifier is "//medico.com"
  o Role is "Physician", AttributeQualifier is "//medico.com"

PROPOSED XACML CONTEXT SPECIFICATION OF THE ABOVE

- Unabbreviated Syntax (target XML is referred to by "ResourceURI")

<xacml:RequestContext>
  <xacml:ContextPrincipals>
    <xacml:Principal PrincipalType="RequestingUser">
      <xacml:Attribute AttributeName="NameIdentifier" AttributeNamespace="//medico.com">
        Julius Hibbert
      </xacml:Attribute>
      <xacml:Attribute AttributeName="Role" AttributeNamespace="//medico.com">
        Physician
      </xacml:Attribute>
    </xacml:Principal>
  </xacml:ContextPrincipals>
  <xacml:ContextResource>
    <xacml:Resource ResourceType="XML">
      <xacml:Attribute AttributeName="ResourceURI">
        //medico.com/med.xml
      </xacml:Attribute>
      <xacml:Attribute AttributeName="XPath">
        record/patient/patientDoB
      </xacml:Attribute>
      <xacml:Attribute AttributeName="XMLSchema">
        medico.com/records.xsd
      </xacml:Attribute>
    </xacml:Resource>
  </xacml:ContextResource>
  <xacml:ContextAction>
    <xacml:Action ActionType="XMLAction">
      <xacml:Attribute AttributeName="read"/>
    </xacml:Action>
  </xacml:ContextAction>
</xacml:RequestContext>

- Abbreviated Syntax (target XML is referred to by "ResourceURI")

<xacml:RequestContext>
  <xacml:ContextPrincipals>
    <x:RequestingUser>
      <x:NameIdentifier AttributeNamespace="//medico.com">Julius Hibbert</x:NameIdentifier>
      <x:Role AttributeNamespace="//medico.com">Physician</x:Role>
    </x:RequestingUser>
  </xacml:ContextPrincipals>
  <xacml:ContextResource>
    <x:XML>
      <x:ResourceURI>//medico.com/med.xml</x:ResourceURI>
      <x:XPath>record/patient/patientDoB</x:XPath>
      <x:XMLSchema>medico.com/records.xsd</x:XMLSchema>
    </x:XML>
  </xacml:ContextResource>
  <xacml:ContextAction>
    <x:XMLAction>
      <x:read/>
    </x:XMLAction>
  </xacml:ContextAction>
</xacml:RequestContext>

SAMPLE POLICY IN ENGLISH

Grant read access to resource "//medico.com/med.xml" "record/patient/patientDoB" "medico.com/records.xsd" if the requesting user's role is a Physician.

XACML POLICY SPECIFICATION OF THE ABOVE

The following rule is included in an xacml:policyStatement where the ruleCombiningAlgId allows access if any rule allows access.

- Unabbreviated Syntax

<xacml:rule ruleId="rule1" effect="Permit">
  <xacml:target>
    <xacml:subjects>
      <xacml:subjectEq AttributeSelector="Principal[@PrincipalType='RequestingUser']/Attribute[@AttributeName='Role']">
        Physician
      </xacml:subjectEq>
    </xacml:subjects>
    <xacml:resources>
      <xacml:resourceEq AttributeSelector="Resource[@ResourceType='XML']/Attribute[@AttributeName='ResourceURI']">
        //medico.com/med.xml
      </xacml:resourceEq>
      <xacml:resourceEq AttributeSelector="Resource[@ResourceType='XML']/Attribute[@AttributeName='XPath']">
        /record/patient/patientDoB
      </xacml:resourceEq>
      <xacml:resourceEq AttributeSelector="Resource[@ResourceType='XML']/Attribute[@AttributeName='XMLSchema']">
        medico.com/records.xsd
      </xacml:resourceEq>
    </xacml:resources>
    <xacml:actions>
      <xacml:actionEq AttributeSelector="Action[@ActionType='XMLAction']/Attribute/@AttributeName">
        read
      </xacml:actionEq>
    </xacml:actions>
  </xacml:target>
</xacml:rule>

- Abbreviated Syntax

<xacml:rule ruleId="rule1" effect="Permit">
  <xacml:target>
    <xacml:subjects>
      <xacml:subjectEq AttributeSelector="/x:RequestingUser/x:Role">Physician</xacml:subjectEq>
    </xacml:subjects>
    <xacml:resources>
      <xacml:resourceEq AttributeSelector="/x:XML/x:ResourceURI">//medico.com/med.xml</xacml:resourceEq>
      <xacml:resourceEq AttributeSelector="/x:XML/x:XPath">/record/patient/patientDoB</xacml:resourceEq>
      <xacml:resourceEq AttributeSelector="/x:XML/x:XMLSchema">medico.com/records.xsd</xacml:resourceEq>
    </xacml:resources>
    <xacml:actions>
      <xacml:actionEq AttributeSelector="/x:XMLAction/local-name()">read</xacml:actionEq>
    </xacml:actions>
  </xacml:target>
</xacml:rule>

HOW XACML POLICY SPECIFICATION REFERS TO EACH ATTRIBUTE IN XACML CONTEXT

- The unabbreviated policy refers to the unabbreviated XACML Context. The abbreviated policy refers to the abbreviated XACML Context.

- In the example above, I have used full XPATH expressions starting from RequestContext to refer to attributes in the request context. Under the rule/target/subjects section of a rule, I assumed that the root is RequestContext/ContextPrincipals. I assumed similarly for the resource and the action section of a rule.

- A set of entries in the subject and the resource element is connected by AND. For example, the target resource should be that the resource URI is "//medico.com/med.xml", the XPath matches "/record/patient/patientDoB", and the XML Schema is "medico.com/records.xsd".

- The target resource is referred to in two ways: a detached resource and an embedded resource. For the former, the target XML instance is referred to using a URI. In the latter, the target XML body is embedded in the XACML Context. The system deals with the target XML instance as if it starts just from the child element of the resource element with the ResourceBody attribute.

  Unabbreviated Syntax (target XML is embedded in "ResourceBody")

<xacml:ContextResource>
  <xacml:Resource ResourceType="XML">
    <xacml:Attribute AttributeName="ResourceBody">
      <y:record xmlns="medico.com/records.xsd" ...>
        <y:patient>
          <y:patientName>
          <y:patientDoB>
          ...
      </y:record>
    </xacml:Attribute>
  </xacml:Resource>
</xacml:ContextResource>

  When the target XML instance is referred to from the policy, the root element of the target XML should be located just below the <Attribute> element.

DESIRABLE FINAL DECISION

Since this example is based on the proposal "XACML Context proposal based on more flatten structure", the flattened XACML Context structure is the desirable final decision.

Michiharu Kudo
IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642
Fax +81 (46) 273-7428
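
Added example, not part of the original message or of any XACML implementation: a small Python evaluator for rule1 against the unabbreviated request context, resolving each AttributeSelector relative to its section root and ANDing the entries as described in the message. The unprefixed element names, the tuple encoding of the rule, exact string comparison after trimming whitespace, and the "NotApplicable" result name are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the unabbreviated request context from the message, with the
# xacml: prefix dropped (no namespace is declared there) and the XPath value given
# the leading "/" that the rule uses; the request in the message omits that slash.
REQUEST = """<RequestContext>
 <ContextPrincipals><Principal PrincipalType="RequestingUser">
  <Attribute AttributeName="NameIdentifier" AttributeNamespace="//medico.com"> Julius Hibbert </Attribute>
  <Attribute AttributeName="Role" AttributeNamespace="//medico.com"> Physician </Attribute>
 </Principal></ContextPrincipals>
 <ContextResource><Resource ResourceType="XML">
  <Attribute AttributeName="ResourceURI"> //medico.com/med.xml </Attribute>
  <Attribute AttributeName="XPath"> /record/patient/patientDoB </Attribute>
  <Attribute AttributeName="XMLSchema"> medico.com/records.xsd </Attribute>
 </Resource></ContextResource>
 <ContextAction><Action ActionType="XMLAction">
  <Attribute AttributeName="read"/>
 </Action></ContextAction>
</RequestContext>"""

RES = "Resource[@ResourceType='XML']/Attribute[@AttributeName='%s']"
# Target of rule1 as (section root, AttributeSelector, required value) entries.
RULE1 = [
    ("ContextPrincipals",
     "Principal[@PrincipalType='RequestingUser']/Attribute[@AttributeName='Role']",
     "Physician"),
    ("ContextResource", RES % "ResourceURI", "//medico.com/med.xml"),
    ("ContextResource", RES % "XPath", "/record/patient/patientDoB"),
    ("ContextResource", RES % "XMLSchema", "medico.com/records.xsd"),
    ("ContextAction", "Action[@ActionType='XMLAction']/Attribute/@AttributeName", "read"),
]

def select(root, selector):
    """Resolve a selector to the trimmed string values it addresses."""
    path, sep, attr = selector.rpartition("/@")
    if sep:  # ElementTree paths cannot end in an attribute step, so read it here
        return [e.get(attr) for e in root.findall(path) if e.get(attr) is not None]
    return [(e.text or "").strip() for e in root.findall(selector)]

def decide(request_xml, rule=RULE1):
    """Return the rule's effect only if every target entry matches (AND)."""
    ctx = ET.fromstring(request_xml)
    for section, selector, required in rule:
        root = ctx.find(section)
        if root is None or required not in select(root, selector):
            return "NotApplicable"  # no match: the rule grants nothing
    return "Permit"

if __name__ == "__main__":
    print(decide(REQUEST))
```

With exact comparison, a request that carries the XPath as record/patient/patientDoB (no leading slash) does not match the rule's /record/patient/patientDoB, so both sides need one canonical path form.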