research-article

Runtime Administration of an RBAC Profile for XACML

Authors:

Min Xu,

Duminda Wijesekera,

Xinwen ZhangAuthors Info & Claims

IEEE Transactions on Services Computing, Volume 4, Issue 4

Pages 286 - 299

https://doi.org/10.1109/TSC.2010.27

Published: 01 October 2011 Publication History

Abstract

The eXtensible Access Control Markup Language (XACML) is the de facto language to specify access control policies for web services. XACML has an RBAC profile (XACML-RBAC) to support role-based access control policies. We extend this profile with an administrative RBAC profile, which we refer to as the XACML-ARBAC profile. One of the advantages of doing so is to use policies based on RBAC model to administrate XACML-RBAC policies. Because using permissions granted by XACML-ARBAC policies alter XACML-RBAC policies, enforcing XACML-ARBAC polices requires some concurrency control within XACML access controller's runtime. In order to solve this concurrency problem, we propose a session-aware administrative model for RBAC, and enhance the XACML policy evaluation runtime using a locking mechanism. Experimental study shows reconcilable performance characteristics of our enhancements to Sun's XACML reference implementation.

Cited By

View all

Sambrekar KRajpurohit V(2019)Fast and Efficient Multiview Access Control Mechanism for Cloud Based Agriculture Storage Management SystemInternational Journal of Cloud Applications and Computing10.4018/IJCAC.20190101039:1(33-49)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.4018/IJCAC.2019010103
Kryftis YGrammatikou MKalogeras DMaglaris V(2017)Policy-Based Management for Federation of Virtualized InfrastructuresJournal of Network and Systems Management10.1007/s10922-016-9390-z25:2(229-252)Online publication date: 1-Apr-2017
https://dl.acm.org/doi/10.1007/s10922-016-9390-z
Lee BKim DYang HJang H(2015)Role-based access control for substation automation systems using XACMLInformation Systems10.1016/j.is.2015.01.00753:C(237-249)Online publication date: 1-Oct-2015
https://dl.acm.org/doi/10.1016/j.is.2015.01.007

Runtime Administration of an RBAC Profile for XACML
1. Security and privacy
  1. Security services
  2. Systems security

Recommendations

A role-based XACML administration and delegation profile and its enforcement architecture
SWS '09: Proceedings of the 2009 ACM workshop on Secure web services

The OASIS technical committee published the XACML v3.0 administration and delegation profile (XACML-Admin) working draft on 16 April 2009 [3] in order to provide policy administration and dynamic delegation services to the XACML runtime. We enhance this ...
An extended RBAC profile of XACML
SWS '06: Proceedings of the 3rd ACM workshop on Secure web services

Nowadays many organizations use security policies to control access to sensitive resources. Moreover, exchanging or sharing services and resources is essential for these organizations to achieve their business objectives. Since the eXtensible Access ...
Modeling location attributes using XACML-RBAC model
MoMM '09: Proceedings of the 7th International Conference on Advances in Mobile Computing and Multimedia

Location-based access control (LBAC) takes the requester's location into account when deciding weather the requester should be granted access to the requested resource or not. Many models have been suggested to extend the Role-based access control (RBAC)...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image IEEE Transactions on Services Computing

IEEE Transactions on Services Computing Volume 4, Issue 4

October 2011

100 pages

ISSN:1939-1374

Issue’s Table of Contents

Publisher

IEEE Computer Society

United States

Publication History

Published: 01 October 2011

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 25 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Sambrekar KRajpurohit V(2019)Fast and Efficient Multiview Access Control Mechanism for Cloud Based Agriculture Storage Management SystemInternational Journal of Cloud Applications and Computing10.4018/IJCAC.20190101039:1(33-49)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.4018/IJCAC.2019010103
Kryftis YGrammatikou MKalogeras DMaglaris V(2017)Policy-Based Management for Federation of Virtualized InfrastructuresJournal of Network and Systems Management10.1007/s10922-016-9390-z25:2(229-252)Online publication date: 1-Apr-2017
https://dl.acm.org/doi/10.1007/s10922-016-9390-z
Lee BKim DYang HJang H(2015)Role-based access control for substation automation systems using XACMLInformation Systems10.1016/j.is.2015.01.00753:C(237-249)Online publication date: 1-Oct-2015
https://dl.acm.org/doi/10.1016/j.is.2015.01.007

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

A role-based XACML administration and delegation profile and its enforcement architecture

An extended RBAC profile of XACML

Modeling location attributes using XACML-RBAC model

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations