Title :
Composing Administrative Scope of Delegation Policies based on extended XACML
Author :
Li Xiao Feng ; Guo, Feng Deng
Author_Institution :
Inst. of Software, Chinese Acad. of Sci., Beijing
Abstract :
XACML as a language of access policy and access context request based on attributes is widely accepted. Current XACML specification´s main shortcoming is not considering delegation. A TC in OASIS proposed a draft about administrative policy, which extended XACML to describe delegation policies and stated how to process delegation policies in access decisions. In some cases, a supervisor may need to know administration authorities possessed by a manager who gets them through delegation policies. For providing such information, access control management systems should calculate total administration authority of a manager according to related delegation policies. Current XACML related works haven´t addressed this topic. In this paper we define basic administrative scope and its simple XML schema, use a set of administrative scope representing administrative authority. Using these definitions, we formally describe the calculation of a manager´s total administrative scope
Keywords :
authorisation; business data processing; access context request; access control management systems; access policy; administrative authority; extended XACML; Access control; Authorization; Calculus; Database languages; Information management; Information security; Laboratories; Logic; Natural languages; XML;
Conference_Titel :
Enterprise Distributed Object Computing Conference, 2006. EDOC '06. 10th IEEE International
Conference_Location :
Hong Kong
Print_ISBN :
0-7695-2558-X
DOI :
10.1109/EDOC.2006.23
