Title :
A Mechanism for Requesting Hierarchical documetns in XACML
Author :
Khurat, Assadarat ; Abendroth, Joerg
Author_Institution :
Nokia Siemens Networks GmbH & Co., Munich
Abstract :
Sensitive information is increasingly becoming more accessible. Access control is a mechanism that is widely used to protect such information. Extensible Access Control Markup Language (XACML) is one of the most prominent access control policy languages. The XACML core specification defines an entity called the policy decision point (PDP) for evaluating policies to make a decision on incoming access requests. The problem is that this process is performed for one resource at a time. This hinders system performance greatly, especially in ubiquitous applications where performance is critical. We propose a mechanism for reducing the overhead performance costs when multiple resources are requested (i.e. the entire hierarchical or entire sub-hierarchical document) by applying the post-condition concept, in the form of "transformations" (as defined in the Common Policy), to filter the requested document.
Keywords :
XML; authorisation; decision making; document handling; ubiquitous computing; Extensible Access Control Markup Language; XACML core specification; access control policy language; decision making; policy decision point; requesting hierarchical document; security mechanism; sensitive information; ubiquitous application; Access control; Authorization; Computer networks; Costs; Markup languages; Mobile communication; Mobile computing; Pervasive computing; Protection; XML; Common Policy; PPFS; XACML; XML;
Conference_Titel :
Networking and Communications, 2008. WIMOB '08. IEEE International Conference on Wireless and Mobile Computing,
Conference_Location :
Avignon
Print_ISBN :
978-0-7695-3393-3
Electronic_ISBN :
978-0-7695-3393-3
DOI :
10.1109/WiMob.2008.118
