Context Dependent Revocation in Delegated XACML
Authors
Abstract
The XACML standard defines an XML-based language for defining access control policies and a related processing model. Recent work aims to add delegation to XACML in order to express the right to administrate XACML policies within XACML itself. The delegation profile draft explains how to validate the right to issue a policy, but there are no provisions for removing a policy. This paper proposes a revocation model for delegated XACML. A novel feature of this model is that whether a revocation is valid depends not only on who issued the revocation, but also on the context in which an attempt to use the revoked policy is made.
Similar resources
Ontology-Based Delegation of Access Control: An Enhancement to the XACML Delegation Profile
Delegation of access control (i.e. transferring access rights on a resource to another tenant) is crucial to efficiently decentralize the access control management in large and dynamic scenarios. Most of the delegation methods available in the literature are based on the RBAC or ABAC models. However, their applicability can be hampered by: i) the effort required to manage and enforce multiple r...
EnCoRe: Ensuring Consent and Revocation
We introduce refinement checking for privacy policies expressed in P3P and XACML. Our method involves a translation of privacy policies to a set of process specifications in CSP, which describe how the privacy policy is enforced. The technique is described through an example involving medical data collected by a biobank.
Proxy Signature with Revocation
Proxy signature is a useful cryptographic primitive that allows signing right delegation. In a proxy signature scheme, an original signer can delegate his/her signing right to a proxy signer (or a group of proxy signers) who can then sign documents on behalf of the original signer. In this paper, we investigate the problem of proxy signature with revocation. The revocation of delegated signing ...
Modelling Delegation and Revocation Schemes in IDP
In ownership-based access control frameworks with the possibility of delegating permissions and administrative rights, chains of delegated accesses will form. There are different ways to treat these delegation chains when revoking rights, which give rise to different revocation schemes. In this paper, we show how IDP – a knowledge base system that integrates technology from ASP, SAT and CP – ca...
DoS-Resistant Attribute-Based Encryption in Mobile Cloud Computing with Revocation
Security and privacy are very important challenges for outsourced private data over cloud storages. By taking Attribute-Based Encryption (ABE) for Access Control (AC) purpose we use fine-grained AC over cloud storage. In this paper, we extend previous Ciphertext Policy ABE (CP-ABE) schemes especially for mobile and resource-constrained devices in a cloud computing environment in two aspects, a ...