[1] Ye Chunxiao, Zhong Jiang, Feng Yong,. Attribute-based access control policy specification language [J]. Journal of Southeast University (English Edition), 2008, 24 (3): 260-263. [doi:10.3969/j.issn.1003-7985.2008.03.002]
Copy
Attribute-based access control policy specification language(
)
)Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]
- Volumn:
- 24
- Issue:
- 2008 3
- Page:
- 260-263
- Research Field:
- Computer Science and Engineering
- Publishing date:
- 2008-09-30
Info
- Title:
- Attribute-based access control policy specification language
- Author(s):
- Ye Chunxiao; Zhong Jiang; Feng Yong
- College of Computer Science, Chongqing University, Chongqing 400044, China
- Keywords:
- role-based access control; policy; XML; XACML
- PACS:
- TP309.2
- DOI:
- 10.3969/j.issn.1003-7985.2008.03.002
- Abstract:
- This paper first introduces attribute expression to describe attribute-based access control policy.Secondly, an access control policy enforcement language named A-XACML(attribute-XACML)is proposed, which is an extension of XACML.A-XACML is used as a simple, flexible way to express and enforce access control policies, especially attribute-based access control policy, in a variety of environments.The language and schema support include data types, functions, and combining logic which allow simple and complex policies to be defined.Finally, a system architecture and application case of user-role assignment is given to show how attribute expressions and A-XACML work in access control policy description and enforcement.The case shows that attribute expression and A-XACML can describe and enforce the complex access control policy in a simple and flexible way.
References:
[1] Sandhu Ravi, Coyne Edward, Feinstein Hal, et al.Role-based access control models [J].IEEE Computer, 1996, 29(2):38-47.
[2] Bhatti R, Bertino E, Ghafoor A, et al.XML-based specification for web-services document security [J].IEEE Computer, 2004, 37(4):41-49.
[3] Joshi J, Bhatti R, Bertino E, et al.Access-control language for multi-domain environments [J].IEEE Internet Computing, 2004, 8(6):40-50.
[4] Godik Simon, Moses Tim, Anderson Anne, et al.OASIS extensible access control markup language(XACML)[EB/OL].(2005-12-02)[2008-02-12].http://www.oasis-open.org/committees/xacml/.
[5] Toktar E, Jamhour E, Maziero C.RSVP policy control using XACML [C]//Proc of POLICY’04. New York:IEEE Computer Society Press, 2004:87-98.
[6] Al-Kahtani Mohammad Abdullah.A family of models for rule-based user-role assignment[D].Fairfax:Department of Computer Science of George Mason University, 2003.
Memo
- Memo:
-
Biography: Ye Chunxiao(1973—), male, doctor, associate professor, yecx@cqu.edu.cn.
Foundation item: The National High Technology Research and Development Program of China(863 Program)(No.2007AA01Z445).
Citation: Ye Chunxiao, Zhong Jiang, Feng Yong.Attribute-based access control policy specification language[J].Journal of Southeast University(English Edition), 2008, 24(3):260-263.