Access Negotiation within XACML Architecture
Authors
Abstract
Web services offer a possibility of exchanging data between entities across different organizational boundaries. Keeping sensitive resources private in a public world is a common concern of service providers. Thus, there is a need for access control management at the level of the web services, in addition to a prior negotiation of access. This negotiation is the first step in access control management; it establishes trust and gathers the resources needed to evaluate the access request. We propose in this article a negotiation methodology based on resource classification. This methodology is used in the negotiation process. We present the architecture used for negotiation of access and access control management. We decided to use the XACML architecture since we have proposed to investigate web service applications. Thus, we chose the extended RBAC profile of XACML. This extended profile responds to advanced access control requirements and allows the expression of several access control models within XACML.
Similar resources
XeNA: an access negotiation framework using XACML
XeNA is a new model for the negotiation of access within an extended eXtensible Access Control Markup Language (XACML) architecture. We bring together trust management through a negotiation process and access control management within the same architecture. The negotiation process based on resource classification methodology occurs before the access control management. A negotiation module at t...
XACML and Risk-Aware Access Control
Over the last few years there has been a rapid development of technologies such as ubiquitous computing and distributed multi-agent systems. As a consequence an increasing need to share information securely in a distributed dynamic environment has arisen. Risk-aware access control (RAAC) has recently shown promise as an approach to addressing this need of flexible and dynamical access control r...
Interoperable Access Control Policies: A XACML and RIF Demonstration
eXtensible Access Control Markup Language (XACML), an OASIS standard language for the specification of access control rules, has been widely deployed in many Web-based systems. However, many domains still use their custom solutions to manage authorizations. This makes collaboration between and integration over applications and domains using disparate policy language difficult and requires prior...
Towards a Full Support of Obligations in XACML
Policy-based systems rely on the separation of concerns, by implementing independently a software system and its associated security policy. XACML (eXtensible Access Control Markup Language) proposes a conceptual architecture and a policy language to reflect this ideal design of policy-based systems. However, while rights are well-captured by authorizations, duties, also called obligations, are...
Towards a Reference Architecture for Access Control in Distributed Web Applications
Web services are independently written and managed, each with its own access control policy, thus it is challenging to control the access to the information they own. A particularly difficult case occurs when a service invokes another service to satisfy an initial request. We call this “Transitive access problem”. To tackle this issue, we propose to use XACML for defining Attribute based Access...