A Mechanism for Requesting Hierarchical documetns in XACML

Author

Khurat, Assadarat ; Abendroth, Joerg

Author_Institution

Nokia Siemens Networks GmbH & Co., Munich

fYear

2008

fDate

12-14 Oct. 2008

Firstpage

202

Lastpage

207

Abstract

Sensitive information is increasingly becoming more accessible. Access control is a mechanism that is widely used to protect such information. Extensible Access Control Markup Language (XACML) is one of the most prominent access control policy languages. The XACML core specification defines an entity called the policy decision point (PDP) for evaluating policies to make a decision on incoming access requests. The problem is that this process is performed for one resource at a time. This hinders system performance greatly, especially in ubiquitous applications where performance is critical. We propose a mechanism for reducing the overhead performance costs when multiple resources are requested (i.e. the entire hierarchical or entire sub-hierarchical document) by applying the post-condition concept, in the form of "transformations" (as defined in the Common Policy), to filter the requested document.

Keywords

XML; authorisation; decision making; document handling; ubiquitous computing; Extensible Access Control Markup Language; XACML core specification; access control policy language; decision making; policy decision point; requesting hierarchical document; security mechanism; sensitive information; ubiquitous application; Access control; Authorization; Computer networks; Costs; Markup languages; Mobile communication; Mobile computing; Pervasive computing; Protection; XML; Common Policy; PPFS; XACML; XML;

fLanguage

English

Publisher

ieee

Conference_Titel

Networking and Communications, 2008. WIMOB '08. IEEE International Conference on Wireless and Mobile Computing,

Conference_Location

Avignon

Print_ISBN

978-0-7695-3393-3

Electronic_ISBN

978-0-7695-3393-3

Type

conf

DOI

10.1109/WiMob.2008.118

Filename

4654236