Abstract | ||
---|---|---|
The eXtensible Access Control Markup Language (XACML) is the de facto language to specify access control policies for web services. XACML has an RBAC profile (XACML-RBAC) to support role-based access control policies. We extend this profile with an administrative RBAC profile, which we refer to as the XACML-ARBAC profile. One of the advantages of doing so is to use policies based on RBAC model to administrate XACML-RBAC policies. Because using permissions granted by XACML-ARBAC policies alter XACML-RBAC policies, enforcing XACML-ARBAC polices requires some concurrency control within XACML access controller's runtime. In order to solve this concurrency problem, we propose a session-aware administrative model for RBAC, and enhance the XACML policy evaluation runtime using a locking mechanism. Experimental study shows reconcilable performance characteristics of our enhancements to Sun's XACML reference implementation. |
Year | DOI | Venue |
---|---|---|
2011 | 10.1109/TSC.2010.27 | IEEE Transactions on Services Computing |
Keywords | DocType | Volume |
extensible access control markup language,XML,xacml-arbac policy,XACML,Web services,rbac profile,concurrency control,xacml-rbac policy,xacml policy evaluation runtime,xacml-arbac profile,RBAC,RBAC profile,software performance evaluation,rbac model,concurrency problem,xacml reference implementation,security.,authorisation,xacml access controller,runtime administration,ARBAC,administrative rbac profile,Sun XACML reference implementation,role based access control policies,xacml-arbac police,session aware administrative model,XACML policy evaluation runtime | Journal | 4 |
Issue | ISSN | Citations |
4 | 1939-1374 | 3 |
PageRank | References | Authors |
0.43 | 17 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Min Xu | 1 | 58 | 3.74 |
Duminda Wijesekera | 2 | 1464 | 141.54 |
Xinwen Zhang | 3 | 697 | 46.90 |