Modern Standard-based Access Control in Network Services: XACML in action

Summary: Access control in distributed systems is a complex problem that can be tackled in several ways. The XACML standard provides a possible solution, with several benefits and some drawbacks. In this paper we investigate the concepts behind distributed access control, review the XACML standard, and provide practical suggestions about the components to be used in building a XACML-based distributed access control system.
