XML-based access control languages

One of the most challenging problems in managing large, distributed, and heterogeneous networked systems is specifying and enforcing security policies that regulate interactions between parties and access to services and resources. Recent proposals for specifying and exchanging access control policies adopt XML-based languages. XML is in fact a natural choice as the basis for a common security-policy language, both because its syntax and semantics are easy to extend and because it enjoys widespread support from all the main platform and tool vendors. In this chapter, we first investigate the basic concepts behind access control design and enforcement, and point out the different security requirements that may need to be taken into consideration when designing an access control language for Internet information systems. We then focus on XML-based access control languages and, in particular, on the eXtensible Access Control Markup Language (XACML), a recent OASIS standardization effort. XACML is designed to express authorization policies in XML against objects that are themselves identified in XML, and it can represent the functionality of most policy representation mechanisms.
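To make concrete what "expressing authorization policies in XML against objects identified in XML" looks like in practice, the following added example (not code from the chapter, and not the OASIS XACML schema) evaluates a small policy written in a simplified XACML-like vocabulary. The policy, rule and target structure, the Permit/Deny effects and the rule-combining algorithms (deny-overrides, permit-overrides, first-applicable) mirror XACML's design; the element names, attribute names and the sample medical-records policy are constructed for illustration.

```python
"""Minimal XACML-style policy evaluator (added example, not from the chapter).

Assumption: a simplified vocabulary that mirrors XACML's structure
(Policy -> Target + Rules, Rule -> Effect Permit/Deny, a rule-combining
algorithm) but is NOT the real XACML schema; element and attribute names
are invented for illustration.
"""
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample policy: doctors may read medical records, nobody may
# delete them, and the policy says nothing about any other resource.
POLICY_XML = """<Policy RuleCombiningAlgId="deny-overrides">
  <Target>
    <Resource>/medical/records/*</Resource>
  </Target>
  <Rule RuleId="doctors-read" Effect="Permit">
    <Target>
      <Subject role="doctor"/>
      <Action>read</Action>
    </Target>
  </Rule>
  <Rule RuleId="no-delete" Effect="Deny">
    <Target>
      <Action>delete</Action>
    </Target>
  </Rule>
</Policy>"""


def _target_matches(target, request):
    """A target applies when every child condition matches the request.
    An absent target applies to every request (as in XACML)."""
    if target is None:
        return True
    for cond in target:
        if cond.tag == "Resource":
            # Resource identifiers are matched as shell-style globs here.
            if not fnmatch.fnmatch(request["resource"], cond.text.strip()):
                return False
        elif cond.tag == "Action":
            if request["action"] != cond.text.strip():
                return False
        elif cond.tag == "Subject":
            # Every subject attribute named in the policy must match.
            for attr, value in cond.attrib.items():
                if request["subject"].get(attr) != value:
                    return False
        else:
            raise ValueError(f"unknown target element <{cond.tag}>")
    return True


def _combine(algorithm, effects):
    """Fold the effects of the applicable rules into one decision."""
    if algorithm == "deny-overrides":
        if "Deny" in effects:
            return "Deny"
        return "Permit" if "Permit" in effects else "NotApplicable"
    if algorithm == "permit-overrides":
        if "Permit" in effects:
            return "Permit"
        return "Deny" if "Deny" in effects else "NotApplicable"
    if algorithm == "first-applicable":
        return effects[0] if effects else "NotApplicable"
    raise ValueError(f"unknown combining algorithm {algorithm}")


def evaluate(policy_xml, request):
    """Return Permit, Deny or NotApplicable for a request of the form
    {"subject": {...attributes...}, "resource": str, "action": str}."""
    policy = ET.fromstring(policy_xml)
    # A policy whose own target does not match yields no decision at all.
    if not _target_matches(policy.find("Target"), request):
        return "NotApplicable"
    effects = [
        rule.get("Effect")
        for rule in policy.findall("Rule")
        if _target_matches(rule.find("Target"), request)
    ]
    return _combine(policy.get("RuleCombiningAlgId"), effects)


if __name__ == "__main__":
    for subj, res, act in [
        ({"role": "doctor"}, "/medical/records/42", "read"),
        ({"role": "doctor"}, "/medical/records/42", "delete"),
        ({"role": "nurse"}, "/medical/records/42", "read"),
        ({"role": "doctor"}, "/public/index", "read"),
    ]:
        req = {"subject": subj, "resource": res, "action": act}
        print(f"{subj['role']:6} {act:6} {res:22} -> {evaluate(POLICY_XML, req)}")
```

Note that a NotApplicable result is not a Permit: the component that enforces the decision must treat it as deny-by-default, otherwise every resource the policy forgot to mention becomes accessible. The deny-overrides algorithm in the sample also shows why rule ordering and combining choices are security-relevant: under permit-overrides the same two rules would let a doctor delete records.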
