Abstract

Nowadays many organizations use security policies to control access to sensitive resources. Moreover, exchanging or sharing services and resources is essential for these organizations to achieve their business objectives. Since the eXtensible Access Control Markup Language (XACML) was standardized by the OASIS community, it has been widely deployed, making it easier to interoperate with other applications using the same standard language. The OASIS has defined an RBAC profile of XACML that illustrates how organizations that would like to use the RBAC model can express their access control policy within this standard language. This work analyzes the RBAC profile of XACML, showing its limitations to respond to all the requirements for access control. We then suggest adding some functionalities within an extended RBAC profile of XACML. This new profile is expected to respond to more advanced access control requirements such as user-user delegation, access elements abstractions and contextual applicability of the policies.