Title :
Translating High-Level Authorization Constraints to XACML
Author :
Alm, Christopher ; Illig, Roland
Author_Institution :
Steria Mummert Consulting, Germany
Abstract :
XACML has become a standard access control policy language in web service environments. However, there is still no feasible solution for XACML policy administration and validation that overcomes the complexity and verbosity of XACML, in particular with regard to high-level access control principles such as history-based separation of duty. Hence, XACML policy management is still difficult and error-prone. In order to solve this problem, we present a translation approach from the high-level declarative access control policy language OPL to XACML. Thereby we can, on the one hand, handle the complexity of the administration of policies including advanced authorization constraints. On the other hand, we are able to keep an XACML-based enforcement environment which may already be in place.
Keywords :
Web services; XML; authorisation; XACML; access control policy language; high-level authorization constraints; web service; Authorization; Complexity theory; Contracts; Data structures; Semantics; XML; OPL; RBAC; Separation of Duty; Translation; XACML;
Conference_Title :
Services (SERVICES-1), 2010 6th World Congress on
Conference_Location :
Miami, FL
Print_ISBN :
978-1-4244-8199-6
Electronic_ISBN :
978-0-7695-4129-7
DOI :
10.1109/SERVICES.2010.62