Offline expansion of XACML policies based on P3P metadata / C. Ardagna, E. Damiani, S. De Capitani di Vimercati, C. Fugazza, P. Samarati - In: Web Engineering : 5th International Conference, ICWE 2005, Sydney, Australia, July 27-29, 2005 : proceedings / David Lowe, Martin Gaedke. - Berlin : Springer, 2005. - ISBN 3540279962. - pp. 363-374 (Paper presented at the 5th International Conference on Web Engineering (ICWE 2005), held in Sydney, Australia, in 2005).

Offline expansion of XACML policies based on P3P metadata

C. Ardagna; E. Damiani; S. De Capitani di Vimercati; C. Fugazza; P. Samarati
2005

Abstract

In the last few years XML-based access control languages like XACML have been increasingly used for specifying complex policies regulating access to network resources. Today, growing interest in Semantic-Web style metadata for describing resources and users is stimulating research on how to express access control policies based on advanced descriptions rather than on single attributes. In this paper, we discuss how standard XACML policies can handle ontology-based resource and subject descriptions based on the standard P3P base data schema. We show that XACML conditions can be transparently expanded according to ontology-based models representing semantics. Our expansion technique greatly reduces the need for online reasoning and decreases the system administrator’s effort for producing consistent rules when users’ descriptions comprise multiple credentials with redundant attributes.
Sector INF/01 - Computer Science
2005
Book Part (author)

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/9599