XML for RBAC Administration in Enterprise Environment
نویسنده
چکیده
We have proposed an object -oriented RBAC (ORBAC) model to efficiently represent the real world. Though ORBAC is a good model, administration of ORBAC including creating and maintaining an access control security policy still remains a challengeable problem. In this paper, we present a practical method that can be employed in an enterprise environment to manage security policies using eXtensible Markup Language (XML). Based on ORBAC security policy expressed in XML, a role assignment algorithm is presented, the computation complexity of the algorithms is O(N) where N is the number of position roles in user’s assigned position role scope.
منابع مشابه
An Improved Administration Method on Role-Based Access Control in the Enterprise Environment
Access control is a difficult security issue for enterprise organizations. Role-based access control (RBAC) model is well known and recognized as a good security model for enterprise environment. Though RBAC is a good model, administration of RBAC including building and maintaining access control information remains a difficult problem in large companies. RBAC model itself does not tell the sol...
متن کاملSchema Based XML Security: RBAC Approach
As a platform-independent solution, XML is going to be used in many environments such as application integration and Web Services. Security of XML instance is a basic problem, especially in enterprise with large number of users and XML objects as well as complex authorizations administration. In this paper, a role-based access control (RBAC) model based on XML Schema is proposed. RBAC has been ...
متن کاملA Policy Validation Framework for Enterprise Authorization Specification
The validation of enterprise authorization specification for conformance to enterprise security policies requires an out-of-band framework in many situations since the enforcing access control mechanism does not provide this feature. In this paper we describe one such framework. The framework uses XML to encode the enterprise authorization specification, XML Schema to specify the underlying acc...
متن کاملAccess Control in Dynamic XML-Based Web-Services with X-RBAC
Policy specification for securing Web services is fast emerging as a key research area due to rapid proliferation of Web services in modern day enterprise applications. Whilst the use of XML technology to support these Web services has resulted in their tremendous growth, it has also introduced a new set of security challenges specific to these Web services. Though there has been recent researc...
متن کاملSpecification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints
The effectiveness of an enterprise access control framework depends upon the integrity of the various components or the building blocks used in that framework. The essential components of that framework are: (a) an Enterprise Access Control Model (b) a Validation mechanism to verify the enterprise access control data developed based on that model, for conformance to the model as well as domain-...
متن کامل