| Supporting RBAC with XACML+OWL |
Symposium on Access Control Models and Technologies
Proceedings of the 14th ACM symposium on Access control models and technologies
Stresa, Italy
SESSION: XACML and RBAC
Pages 145-154
Year of Publication: 2009
ISBN: 978-1-60558-537-6
| Bibliometrics |
Downloads (6 Weeks): 34, Downloads (12 Months): 168, Citation Count: 0
ABSTRACT
XACML does not natively support RBAC and even the specialized XACML profiles are not able to support many relevant constraints such as static and dynamic separation of duty. Extending XACML to support such constraints, however, is an issue that requires extensions not only to the XACML language but also to the XACML reference architecture and engine. In this paper we introduce XACML+OWL, a framework that integrates OWL ontologies and XACML policies for supporting RBAC. The basic idea is to decouple the design of an RBAC system by modeling the role hierarchy and the constraints with an OWL ontology and the authorization policies with XACML. In doing this, we introduce new functions that extend policies with semantic reasoning services based on the OWL ontology. As part of such extension, we extend the reference architecture of XACML and the XACML data-flow for access control decisions with the invocation of such functions.