Extending XACML to support Credential Based Hybrid Access Control

Various research efforts are in progress to enforce credential based access control using XACML standard. The current standard of XACML supports attribute based access control [4,5,9,19]. While XACML accepts certified attributes through digital certificates, it does not support credential based access control in which the access conditions are defined not only in terms of credential attributes but also in terms of types of credentials. Credential based hybrid access control[7,11,14,20,21] has been proposed for systems having diversified access control requirements. The use of various types of credentials in access control policy specification provides easy and immediate access to unknown user in open access environment. Fine grained access control in closed administrative domain is achieved using Identity Credential and the attributes associated with the credentials. In this paper, we propose extensions to the XACML standard that support credential-based hybrid access control. The XACML access policy language has been extended to define access policy in terms of heterogeneous credentials. Each credential is uniquely identified by associating a category and type with it. The access policy contains various conditions over credentials and the attributes associated with the credentials. Enhancement to XACML framework has also been proposed so that credential based hybrid access policies can be evaluated and enforced. .