DocumentCode :
2735465
Title :
An XACML Policy Generating Method Based on Policy View
Author :
Lang, Bo ; Zhao, Nan ; Ge, Kun ; Chen, Kai
Author_Institution :
State Key Lab. of Software Dev. Environ., Beihang Univ., Beijing
Volume :
1
fYear :
2008
fDate :
6-8 Oct. 2008
Firstpage :
295
Lastpage :
301
Abstract :
Attribute-based access control (ABAC) is a promising access control model for pervasive computing. XACML is recognized as an effective ABAC policy description method that can exactly describe the semantics of a policy. However, the description of an XACML policy is complex, and it is difficult for users to compose such a policy, which seriously hinders the application of XACML. To address this problem, this paper presents an XACML policy generating method based on a user-oriented ABAC policy view. After analyzing the XACML policy description language, the paper first establishes a policy description template composed of the primary policy description elements of XACML, then proposes an ABAC concept model called the access control cube (ACCube) and presents a comprehensible user-oriented policy view based on the ACCube. The policy view and the XACML policy template provide an easy and effective way for users to define XACML policies. Users can describe their ABAC policies by creating policy views, which can then be transformed into XACML policies. The transforming algorithm is given in the paper. Following this method, we develop an XACML policy generating tool named XACML policy builder. An example of using XACML policy builder to build an XACML policy is also given.
Keywords :
Web services; XML; authorisation; ubiquitous computing; ACCube; XACML policy description language; XACML policy generating method; access control cube; attribute based access control; pervasive computing; user-oriented ABAC policy; Access control; Buildings; Control systems; Internet; Pervasive computing; Security; Semiconductor optical amplifiers; Service oriented architecture; Usability; Web services; Attribute Based Access Control; Conceptual Policy Model; Policy Generation; User-oriented Policy View; XACML;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Pervasive Computing and Applications, 2008. ICPCA 2008. Third International Conference on
Conference_Location :
Alexandria
Print_ISBN :
978-1-4244-2020-9
Electronic_ISBN :
978-1-4244-2021-6
Type :
conf
DOI :
10.1109/ICPCA.2008.4783596
Filename :
4783596