Paper Info
Title
Runtime Administration of an RBAC Profile for XACML
Abstract
The eXtensible Access Control Markup Language (XACML) is the de facto language to specify access control policies for web services. XACML has an RBAC profile (XACML-RBAC) to support role-based access control policies. We extend this profile with an administrative RBAC profile, which we refer to as the XACML-ARBAC profile. One of the advantages of doing so is to use policies based on RBAC model to administrate XACML-RBAC policies. Because using permissions granted by XACML-ARBAC policies alter XACML-RBAC policies, enforcing XACML-ARBAC polices requires some concurrency control within XACML access controller's runtime. In order to solve this concurrency problem, we propose a session-aware administrative model for RBAC, and enhance the XACML policy evaluation runtime using a locking mechanism. Experimental study shows reconcilable performance characteristics of our enhancements to Sun's XACML reference implementation.
Year
DOI
Venue
2011
10.1109/TSC.2010.27
IEEE Transactions on Services Computing
Keywords
DocType
Volume
extensible access control markup language,XML,xacml-arbac policy,XACML,Web services,rbac profile,concurrency control,xacml-rbac policy,xacml policy evaluation runtime,xacml-arbac profile,RBAC,RBAC profile,software performance evaluation,rbac model,concurrency problem,xacml reference implementation,security.,authorisation,xacml access controller,runtime administration,ARBAC,administrative rbac profile,Sun XACML reference implementation,role based access control policies,xacml-arbac police,session aware administrative model,XACML policy evaluation runtime
Journal
4
Issue
ISSN
Citations 
4
1939-1374
3
PageRank 
References 
Authors
0.43
17
3
Name
Order
Citations
PageRank
Min Xu1583.74
Duminda Wijesekera21464141.54
Xinwen Zhang369746.90