How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML)

Matheus, Andreas

doi:10.1109/hicss.2005.300

Cited by 118 publications

(11 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, having in mind their deficiencies [23], [24], [25] and the need for interoperable standards, both the research community and industry have been moving towards XML-based management protocols. The trend towards Web Services and XML/HTTP-based management has also affected PBM [129], [130], [178]. • Object: the general representation of data and methods.…”

Section: Distributed Policy Storage Provisioning and Enforcementmentioning

confidence: 99%

“…These limitations should be considered in combination with the frequency of policy modifications [123], [124], [125], [126], [127]. On another perspective, XML-based solutions have also been considered as an alternative to LDAP for storing policies, in spite of XML's verbosity [128], [129], [130]. The reasons are the significant penetration of XML in several devices and systems and its wide support as a uniform and interoperable format for sharing and representing data.…”

Section: Policy Enforcement Issuesmentioning

confidence: 99%

See 1 more Smart Citation

Policy-based self-management of wireless ad hoc networks

Hadjiantonis

Pavlou

2009

2009 IFIP/IEEE International Symposium on Integrated Network Management

View full text Add to dashboard Cite

Wireless ad hoc networks pose major research challenges because of their increasing ubiquity and user-initiated formation. The motivation of this thesis emanates from the need for unrestricted wireless communication in a scalable and predictable manner. This need is accentuated by the increasing users' demand for spontaneous communication and the deficiencies of existing management frameworks. The objective is to propose a management framework able to leverage the potential of wireless ad hoc networks as an alternative communication method allowing them to coexist with other networks and to emerge as their flexible extension. In the context of this thesis, Wireless ad hoc netw>orks consist of a majority of end-user devices, capable of multihop communication, and optionally supported from limited infrastructure. The policy-based management (PBM) paradigm is employed to facilitate their self-management, combining design and theory with testbed implementation and simulation studies. The thesis contribution can be identified in tlnee areas: (1) Design o f a context-aware policy hierarchy and a hybrid role-based organisation model: The integration of policies with contextual feedback enables the creation of a closed control loop at different organisational levels, forming the basis for self-management. (2) Deployment o f distributed PBM functionality: The management of wireless ad hoc networks is possible with the decentralisation of traditional PBM concepts, based on the design and implementation of a Distributed Policy Repositoiy (DPR). The DPR assists in the coordination of dispersed policy decision points (PDPs) by facilitating the synchronisation of policies and offering a uniform view of management objectives to the PDPs. (3) Validation o f PBM functionality fo r self-management: A case study addresses the deployment of a wireless ad hoc network on a testbed, attempting to overcome the lack of central coordination and the occurrence of interference, by using policies to control its dynamic channel assigmnent. Finally, the framework is extended for service management, implementing adaptable service provisioning and offering service customisation to end-users. The elements of this thesis contribution are combined under a unified policy-based framework for the self-management of wireless ad hoc networks.

show abstract

Section: Distributed Policy Storage Provisioning and Enforcementmentioning

confidence: 99%

Section: Policy Enforcement Issuesmentioning

confidence: 99%

Policy-based self-management of wireless ad hoc networks

Hadjiantonis

Pavlou

2009

2009 IFIP/IEEE International Symposium on Integrated Network Management

View full text Add to dashboard Cite

show abstract

“…In our implementation, as we use a WS-based architecture, messages exchanged (e.g., services) between A and B are XML files that obey SOAP protocols. Moreover, PolyOrBAC could be integrated perfectly into XACML architecture (Figure 8) [15,16].…”

Section: Ws Mechanisms In Polyorbacmentioning

confidence: 99%

Access Control for Collaborative Systems: A Web Services Based Approach

Kalam

Deswarte

Baïna

et al. 2007

IEEE International Conference on Web Services (ICWS 2007)

View full text Add to dashboard Cite

Nowadays, systems are more and more open, distributed and collaborative. In this context, access control is an important issue that should be studied, specified and well enforced. This work proposes a new access control model for collaborative systems: "PolyOrBAC". On the one hand, we extend OrBAC (Organization-Based Access Control Model) to specify local as well as collaboration access control rules; on the other hand, we enforce these security policies by applying web services mechanisms (XML, SOAP, UDDI and WSDL). We thus present a representative scenario of secure collaborative applications. Furthermore, we propose a XACML-based implementation of PolyOrBAC and we discuss the most important approaches that emphasize access control in collaborative environments.

show abstract

“…The spatial data types are based on the Geographical Markup Language version 3 (GML3) [14]. These data types and functions can be used to define spatial constraints for XACML based policies [2], which means that it is possible to support declaration and enforcement of access restrictions on geographic information. GeoXACML defines mainly the geometry model for geometric data types in access rules and geometric functions that can operate on these geometric data types.…”

Section: Geoxacmlmentioning

confidence: 99%

“…The solution is based on existing profiles for RBAC [3], and the Geospatial eXtensible Access Control Markup Language (GeoXACML) for location based access control [2].…”

Section: Introductionmentioning

confidence: 99%

Mobile Security with Location-Aware Role-Based Access Control

Ulltveit-Moe

Oleshchuk

2012

Security and Privacy in Mobile Information and Communication Systems

View full text Add to dashboard Cite

Abstract. This paper describes how location-aware Role-Based Access Control (RBAC) can be implemented on top of the Geographically eXtensible Access Control Markup Language (GeoXACML). It furthermore sketches how spatial separation of duty constraints (both static and dynamic) can be implemented using GeoXACML on top of the XACML RBAC profile. The solution uses physical addressing of geographical locations which facilitates easy deployment of authorisation profiles to the mobile device. Location-aware RBAC can be used to implement location dependent access control and also other security enhancing solutions on mobile devices, like location dependent device locking, firewall, intrusion prevention or payment anti-fraud systems.

show abstract

How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML)

Cited by 118 publications

References 1 publication

Policy-based self-management of wireless ad hoc networks

Policy-based self-management of wireless ad hoc networks

Access Control for Collaborative Systems: A Web Services Based Approach

Mobile Security with Location-Aware Role-Based Access Control

Contact Info

Product

Resources

About