Unifying the Access Control Mechanism for the Enterprises Using XACML Policy Levels

Full Text (PDF, 391KB), PP.82-88

Author(s)

N. Senthil Kumar 1,* Anthoniraj Amalanathan 2

1. School of Information Technology & Engineering, VIT University, Vellore

2. School of Computer Science & Engineering, VIT University, Vellore

* Corresponding author.

DOI: https://doi.org/10.5815/ijitcs.2015.12.10

Received: 17 Feb. 2015 / Revised: 13 Jun. 2015 / Accepted: 21 Aug. 2015 / Published: 8 Nov. 2015

Index Terms

eXtensible Access Control Markup Language (XACML), security policy, Policy Enforcement Point, Policy Decision Point

Abstract

Many enterprises have sought to equip their applications with strict access control mechanisms and to deploy stringent authorization, each in its own proprietary manner. Building applications this way results in tight coupling of the authorization mechanisms within the enterprise applications. In many enterprise setups, implicit authorization processes are embedded within the application and make access to the requested policies error-prone. This sort of embedded authorization lets users carry out specific actions without knowing the access control policy or its embedded setup, with the help of third-party involvement. This approach, however, has serious consequences for control: it allows trust-based applications to be skipped, violates the policy setups, and paves the way to exploit the authorized data to the end users. Many enterprises have faced serious problems in protecting their sensitive data from these implicit authorization decisions and have therefore decided to develop a security mechanism that can be controlled entirely through a centralized access policy. The eXtensible Access Control Markup Language (XACML) therefore provides a very simple and powerful remedy for the authorization mechanism and for access policy setups.

Cite This Paper

N. Senthil Kumar, Anthoniraj Amalanathan, "Unifying the Access Control Mechanism for the Enterprises Using XACML Policy Levels", International Journal of Information Technology and Computer Science (IJITCS), vol.7, no.12, pp.82-88, 2015. DOI:10.5815/ijitcs.2015.12.10
