Fast authorization of XACML access control system on NETCONF platform

The Network Configuration Protocol (NETCONF) describes a set of operations that read or write configuration data on a network device. These operations are transferred to the device by the means of remote procedure calls (RPCs) encoded in XML. However, currently the NETCONF remote network configuration protocol lacks an access control model, for NETCONF protocol does not specify an authorization scheme. Based on the NETCONF platform multiple access control mechanisms, such as RBAC, MAC, and XACML were researched, and We developed translation components to enable XACML know sub tree request, which is one kind of request define by NETCONF; Furthermore we improved PDP´s performance by comparing full Xpath expression without wildcard characters and relative path symbol. That can extremely better XACML access control mechanism from performance to humanity.