|Table of Contents|

[1] Ye Chunxiao, Zhong Jiang, Feng Yong,. Attribute-based access control policy specification language [J]. Journal of Southeast University (English Edition), 2008, 24 (3): 260-263. [doi:10.3969/j.issn.1003-7985.2008.03.002]
Copy

Attribute-based access control policy specification language()
Share:

Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]

Volumn:
24
Issue:
2008 3
Page:
260-263
Research Field:
Computer Science and Engineering
Publishing date:
2008-09-30

Info

Title:
Attribute-based access control policy specification language
Author(s):
Ye Chunxiao Zhong Jiang Feng Yong
College of Computer Science, Chongqing University, Chongqing 400044, China
Keywords:
role-based access control policy XML XACML
PACS:
TP309.2
DOI:
10.3969/j.issn.1003-7985.2008.03.002
Abstract:
This paper first introduces attribute expression to describe attribute-based access control policy.Secondly, an access control policy enforcement language named A-XACML(attribute-XACML)is proposed, which is an extension of XACML.A-XACML is used as a simple, flexible way to express and enforce access control policies, especially attribute-based access control policy, in a variety of environments.The language and schema support include data types, functions, and combining logic which allow simple and complex policies to be defined.Finally, a system architecture and application case of user-role assignment is given to show how attribute expressions and A-XACML work in access control policy description and enforcement.The case shows that attribute expression and A-XACML can describe and enforce the complex access control policy in a simple and flexible way.

References:

[1] Sandhu Ravi, Coyne Edward, Feinstein Hal, et al.Role-based access control models [J].IEEE Computer, 1996, 29(2):38-47.
[2] Bhatti R, Bertino E, Ghafoor A, et al.XML-based specification for web-services document security [J].IEEE Computer, 2004, 37(4):41-49.
[3] Joshi J, Bhatti R, Bertino E, et al.Access-control language for multi-domain environments [J].IEEE Internet Computing, 2004, 8(6):40-50.
[4] Godik Simon, Moses Tim, Anderson Anne, et al.OASIS extensible access control markup language(XACML)[EB/OL].(2005-12-02)[2008-02-12].http://www.oasis-open.org/committees/xacml/.
[5] Toktar E, Jamhour E, Maziero C.RSVP policy control using XACML [C]//Proc of POLICY’04. New York:IEEE Computer Society Press, 2004:87-98.
[6] Al-Kahtani Mohammad Abdullah.A family of models for rule-based user-role assignment[D].Fairfax:Department of Computer Science of George Mason University, 2003.

Memo

Memo:
Biography: Ye Chunxiao(1973—), male, doctor, associate professor, yecx@cqu.edu.cn.
Foundation item: The National High Technology Research and Development Program of China(863 Program)(No.2007AA01Z445).
Citation: Ye Chunxiao, Zhong Jiang, Feng Yong.Attribute-based access control policy specification language[J].Journal of Southeast University(English Edition), 2008, 24(3):260-263.
Last Update: 2008-09-20