A Policy Language for Integrating Heterogeneous Authorization Policies
نویسندگان
چکیده
In order to manage and enforce multiple heterogeneous authorization policies in distributed authorization environment, we defined the root policy specification language and its corresponding enforcing mechanism. In a root policy, the involved users and resources can be defined in coarse or finegrained. Each involved authorization policy’s storage, trust management and enforcement can be defined independently. These authorization policies can be enforced in distributed way. Policy schemas, policy subschemas and policy hierarchies can deal with complex authorization scenarios. The context constraint component makes the root policy is a context-aware authorization system. On the other hand multiple root policies can cooperate together to complete more complicated authorization tasks.
منابع مشابه
A Policy-Based Authorization System for Web Services: Integrating X-GTRBAC and WS-Policy
Authorization and access control in Web services is complicated by the unique requirements of the dynamic Web services paradigm. Amongst them is the requirement for a context-aware access control specification and a processing model to apply fine-grained access control on various components of a Web service. In this paper, we address these two requirements and present a policy-based authorizati...
متن کاملAn Effective Modality Conflict Model for Identifying Applicable Policies During Policy Evaluation
Policy evaluation is a process to determine whether a request submitted by a user satisfies the access control policies defined by an organization. Modality conflict is one of the main issues in policy evaluation. Existing modality conflict detection approaches do not consider complex condition attributes such as spatial and temporal constraints. An effective authorization propagation rule is n...
متن کاملTask - and - role - based access - control model for computational grid ∗
Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained policies. We established a task-and-role-based access-control model for computational grid (CG-TRBAC model), integrating the concepts of role-based access control (RBAC) and task-based...
متن کاملA Distributed Authorization Language for Ambient Intelligence
Authorization is an open problem in Ambient Intelligence environments. The difficulty of implementing authorization policies lies in the open and dynamic nature of such environments. The information is distributed among various heterogeneous devices that collect, process, change, and share it. Previous work presented a fully distributed approach for reasoning with conflicts in ambient intellige...
متن کاملAnalysis of Communicating Authorization Policies
We present a formal language for specifying distributed authorization policies that communicate through insecure asynchronous media. The language allows us to write declarative authorization policies; the interface between policy decisions and communication events can be specified using guards and policy updates. The attacker, who controls the communication media, is modeled as a message deduct...
متن کامل