One of the most challenging problems in managing large, distributed, and heterogeneous networked systems is specifying and enforcing security policies regulating interactions between parties and access to services and resources. Recent proposals for specifying and exchanging access control policies adopt XML-based languages. XML appears in fact a natural choice as the basis for the common security-policy language, due to the ease with which its syntax and semantics can be extended and the widespread support that it enjoys from all the main platform and tool vendors. In this chapter, we first investigate the basic concepts behind access control design and enforcement, and point out different security requirements that may need to be taken into consideration in designing an access control language for Internet information systems. We then focus on XML-based access control languages and, in particular, on the eXtensible Access Control Markup Language (XACML), a recent OASIS standardization effort. XACML is designed to express authorization policies in XML against objects that are themselves identified in XML. XACML can represent the functionalities of most policy representation mechanisms.

XML-based access control languages / C.A. Ardagna, E. Damiani, S. De Capitani di Vimercati, P. Samarati. - In: INFORMATION SECURITY TECHNICAL REPORT. - ISSN 1363-4127. - 9:3(2004), pp. 35-46. [10.1016/S1363-4127(04)00030-5]

XML-based access control languages

C.A. Ardagna
Primo
;
E. Damiani
Secondo
;
S. De Capitani di Vimercati
Penultimo
;
P. Samarati
Ultimo
2004

Abstract

One of the most challenging problems in managing large, distributed, and heterogeneous networked systems is specifying and enforcing security policies regulating interactions between parties and access to services and resources. Recent proposals for specifying and exchanging access control policies adopt XML-based languages. XML appears in fact a natural choice as the basis for the common security-policy language, due to the ease with which its syntax and semantics can be extended and the widespread support that it enjoys from all the main platform and tool vendors. In this chapter, we first investigate the basic concepts behind access control design and enforcement, and point out different security requirements that may need to be taken into consideration in designing an access control language for Internet information systems. We then focus on XML-based access control languages and, in particular, on the eXtensible Access Control Markup Language (XACML), a recent OASIS standardization effort. XACML is designed to express authorization policies in XML against objects that are themselves identified in XML. XACML can represent the functionalities of most policy representation mechanisms.
Settore INF/01 - Informatica
2004
Article (author)
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/40863
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 10
  • ???jsp.display-item.citation.isi??? 2
social impact