Interoperable Access Control Policies: A XACML and RIF Demonstration
نویسندگان
چکیده
eXtensible Access Control Markup Language (XACML), an OASIS standard language for the specification of access control rules, has been widely deployed in many Web-based systems. However, many domains still use their custom solutions to manage authorizations. This makes collaboration between and integration over applications and domains using disparate policy language difficult and requires prior negotiation and agreement between them. Rule Interchange Format (RIF) is an interlingua being developed at W3C to allow the exchange of rules between rule systems. We propose to express XACML as RIF in order to enable XACML policy rules to be understood by any RIF based system. In this paper, we present the design of our translator from/to XACML to/from RIF by mapping XACML constructs to RIF. Our translator will enable the exchange of RIF encoded XACML rules among different policy systems.
منابع مشابه
An automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملEnhancing Database Access Control with XACML Policy
XACML is apparently the most convenient way to express attribute-based access control policies. Though XACML has been used in several access control areas, processing XACML policies for attribute-based database access control still has not been studied in depth. In this work we compile XACML policies, and utilize the underlying database access mechanisms such as ACLs to protect sensitive data. ...
متن کاملRole-Based Access Control for Cyber-Physical Systems Using Shibboleth
In this paper, we propose a role-based access control (RBAC) system for the distributed resources in a cyber-physical system. Current identity-based access control systems cause substantial administration overhead for the resource managers in the cyberphysical system because of the direct mapping between individual users and the access privileges on the resources. Our RBAC system uses Shibbolet...
متن کاملDetecting Incompleteness, Conflicting and Unreachability XACML Policies using Answer Set Programming
Recently, XACML is a popular access control policy language that is used widely in many applications. Policies in XACML are built based on many components over distributed resources. Due to the expressiveness of XACML, it is not trivial for policy administrators to understand the overall effect and consequences of XACML policies they have written. In this paper we show a mechanism and a tool ho...
متن کاملFormal Analysis of Access Control Policies
We present a formal (model-based) approach to describing and analysing access control policies. This approach allows us to evaluate access requests against policies, compare versions of policies with each other and check policies for internal consistency. Access control policies are described using VDM, a statebased formal modelling language. Policy descriptions are concise and may be easily ma...
متن کامل