XACML-Based Policy-Driven Access Control for Mobile Environments

Many applications of the eXtensible Access Control Markup Language (XACML) have been found in security application solutions, yet few of them succeed in addressing the authorization issues that are common in typical business and leisure scenarios involving mobile users: identity management in a mobile environment, issuing a proper authorization request to a domain whose security model is unknown, locating all the policies applicable to an unknown requester, finding a service provider that cannot compromise the requester's data confidentiality and integrity, and the applicability of reputation data. An XACML-based architecture is proposed to tackle these issues. A subject ID mapping service is the foundation of the architecture; upon it, a meta policy server (MPS) is designed to locate the policies for a requester and to provide guidelines for overall security management, while reverse authorization is used to guarantee the requester's privacy. In addition, a private reputation attribute authority (AA) handles the reputation data applicability problem. A security handshake protocol for secure communication between the MPS and the subject attribute authorities is also an important part of the solution; it is detailed in another paper: KEAML (Key Exchange and Authentication Markup Language).

[1] Tim Moses et al. eXtensible Access Control Markup Language (XACML) version 1, 2003.

[2] Carlisle M. Adams et al. KEAML - Key Exchange and Authentication Markup Language, 2006 Canadian Conference on Electrical and Computer Engineering, 2006.