Publication | Closed Access
How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML)
Citations: 582
References: 1
Year: 2005
Venue: Unknown
Topics: Information Objects, Web Service Specification, Engineering, Information Security, Valid Xml, Semantic Web, Formal Verification, Xml Security, Logical Access Control, Access Control, Data Management, Xml Library, Data Privacy, Computer Science, Information Management, Xml Language, Data Security, Formal Methods, Web Information System, Web Services
Web Services enable access to distributed, heterogeneous information objects, yet owners often restrict access for various reasons. The paper proposes a novel XML-based method for declaring access restrictions on information objects and addresses how to identify and resolve policy inconsistencies. The method encodes access restrictions in XML using XACML and XPath expressions. Fine‑grained policies can overlap, leading to inconsistencies when a subject receives both positive and negative permissions.
Web Services, as the new building blocks of today's Internet, provide the power to access distributed and heterogeneous information objects, which is the basis for more advanced uses such as electronic commerce. But access to these information objects is not always unrestricted. The owner of the information objects may control access for different reasons. This paper introduces a novel approach for declaring information-object-related access restrictions, based on a valid XML encoding. The paper shows how the access restrictions can be declared using XACML and XPath. Based on the specified 'fine grained' policies, multiple policies can be applicable. If these policies declare positive and negative permissions for the same subject, policy inconsistencies exist. The paper also focuses on specifying the grounds of policy inconsistencies and how to solve them.