A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf
.
Filters
An Effective Naming Heterogeneity Resolution for XACML Policy Evaluation in a Distributed Environment
2021
Symmetry
The effectiveness of the proposed matching functions on real XACML policies, designed for universities, conference management, and the health care domain, is evaluated. ...
Existing policy evaluation engines employ a simple string equal matching function in evaluating the similarity between the attribute values of a request and a policy, which are inaccurate, since only exact ...
A practical distributed policy evaluation framework should be able to support the autonomy in policy specification, as well as interoperability, among parties and policy portability [1] [2] [3] [4] [5 ...
doi:10.3390/sym13122394
fatcat:auuw3zrgsfd6td2bzphm3u3o6y
Design and Evaluation of XACML Conflict Policies Detection Mechanism
2010
International Journal of Computer Science & Information Technology (IJCSIT)
The mechanism has been evaluated by simulating a distributed policy based authorization and XACML access control system. ...
This paper presents the design, implementation and evaluation of a conflict policy detection mechanism that can be used by policy administrators to proactively detect conflict XACML policies present in ...
For evaluation of conflict policies detection mechanism, we have considered a set of 50 XACML policies. These policies have been created using custom built XACML policy specification tool. ...
doi:10.5121/ijcsit.2010.2505
fatcat:u7zruhxcxzeh7lylfykk34agla
Securing Workflows with XACML, RDF and BPEL
[chapter]
2008
Lecture Notes in Computer Science
The XACML is the access controller of the World Wide Web (WWW). The current reference implementation has a single policy decision point and a policy enforcement point. ...
Proposed contextual information is sufficient to coordinate and if necessary synchronize among coordinating policy enforcement points distributed among the WWW. ...
This paper extends their work to fully distribute evaluation and enforcement of XACML policies. ...
doi:10.1007/978-3-540-70567-3_25
fatcat:2b3wa6psbjbnfo5h4fh6d6wiia
Using XACML for Privacy Control in SAML-Based Identity Federations
[chapter]
2005
Lecture Notes in Computer Science
We present an architecture for the integration of XACML ARPs into SAML-based identity providers and specify the policy evaluation workflows. ...
Access to this information is managed using so-called Attribute Release Policies (ARPs). ...
The syntax and semantics of XACML ARPs have been specified along with the policy evaluation workflow, which makes use of an out-of-the-box XACML policy decision point. ...
doi:10.1007/11552055_16
fatcat:j6auityoqjhvdeupmdsjy4ojzi
First experiences using XACML for access control in distributed systems
2003
Proceedings of the 2003 ACM workshop on XML security - XMLSEC '03
This paper presents XACML, a standard access control language, as one component of a distributed and inter-operable authorization framework. ...
Several emerging systems which incorporate XACML are discussed. These discussions illustrate how authorization can be deployed in distributed, decentralized systems. ...
Cardea -Combining XACML and SAML to support distributed authorization Cardea is a distributed authorization system, developed as part of the NASA Information Power Grid [15], which dynamically evaluates ...
doi:10.1145/968559.968563
dblp:conf/xmlsec/LorchPLKS03
fatcat:zngwxqqoqzesbjwixnfox7qvo4
Deploying Access Control using Extended XACML in Open Web Service Environment
2012
International Journal of Computer Applications
Typically, XACML language is proposed for define the access control policy. It does not support novel features and not suitable in practice. ...
Also, extend the standard XACML architecture to incorporate the new features for open web service systems General Terms Architecture, Policy ...
For policy evaluation the access requester has send all relevant information. Policy can be evaluated in policy evaluation engine. ...
doi:10.5120/7181-9875
fatcat:4ipxe54jrjcqzihsxnbt5qj37y
Towards a Secure and Borderless Collaboration between Organizations: An Automated Enforcement Mechanism
2018
Security and Communication Networks
We also formally prove that the mapping does not affect decision evaluation of policies. ...
To carry out this mapping, we suggest a mechanism founded mainly on XACML profiles and on a generic language derivative of XACML we define as Generic-XACML. ...
Policy Decision Evaluation for XACML and Generic-XACML. The Rule evaluation depends on the Target evaluation and the Condition evaluation [23] . ...
doi:10.1155/2018/1572812
fatcat:e5soqdlf4bdbbfcrwkwgr26i2i
An XACML-based privacy-centered access control system
2009
Proceedings of the first ACM workshop on Information security governance - WISG '09
The widespread diffusion of the Internet as the platform for accessing distributed services makes available a huge amount of personal data, and a corresponding concern and demand from users, as well as ...
Considering the large success and application of XACML, we extend the XACML architecture and modules complementing them with functionalities for effective credential-based management and privacy support ...
XACML includes some built-in operators for comparing attribute values and provides a method for adding nonstandard functions. • Policy distribution. ...
doi:10.1145/1655168.1655178
fatcat:nle5zcl26zczxmhidyq74lip7q
A Decentralized Solution for Combinatorial Testing of Access Control Engine
2019
Proceedings of the 5th International Conference on Information Systems Security and Privacy
In distributed environments, information security is a key factor and access control is an important means to guarantee confidentiality of sensitive and valuable data. ...
In this paper, we introduce a new decentralized framework for testing of XACML-based access control engines. ...
It relies on the Policy Decision Point (PDP) evaluation engine in order to grant or deny the access based on the defined XACML policies. ...
doi:10.5220/0007379401260135
dblp:conf/icissp/DaoudaghLM19
fatcat:kj3qkt5n6rfj3i2yxvjpe5ik2a
Policy Based Self-Management in Distributed Environments
2010
2010 Fourth IEEE International Conference on Self-Adaptive and Self-Organizing Systems Workshop
A prototype of the framework is presented and two generic policy languages (policy engines and corresponding APIs), namely SPL and XACML, are evaluated using a self-managing file storage application as ...
Currently, increasing costs and escalating complexities are primary issues in the distributed system management. ...
We have evaluated the performance of our prototype (running YASS) by measuring the average policy evaluation times of XACML and SPL policy managers. ...
doi:10.1109/sasow.2010.72
dblp:conf/saso/BaoAV10
fatcat:zfwz4jsqbbbftkb5j27gajo2ui
Overriding of Access Control in XACML
2007
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)
wide range of applications and suitable for distributed systems where a common access control language is needed. ...
Most of these mechanisms focused on how to define users' rights in a precise way to prevent any violation for the access control policy. ...
XACML allows policies to be distributed in different locations and enforced by several enforcement points. ...
doi:10.1109/policy.2007.31
dblp:conf/policy/AlqatawnaRF07
fatcat:rxhjahlqtnetdfqzfsklg5ymuq
XACML policy performance evaluation using a flexible load testing framework
2010
Proceedings of the 17th ACM conference on Computer and communications security - CCS '10
Fine-grained access control is becoming more pervasive, so decisions are more frequent and policy sets are larger. ...
We describe an initial realization of the framework and report on initial experiments comparing the performance of the SunX-ACML and Enterprise XACML PDPs. ...
., who helped clarify the requirements for modelling the performance of XACML PDPs. The work was funded by Science Foundation Ireland via the "FAME" Strategic Research Cluster, grant no. 08/SRC/I1403. ...
doi:10.1145/1866307.1866385
dblp:conf/ccs/ButlerJB10
fatcat:dozdg4yulbhunlns6u6t4lrqmu
XML-based access control languages
2004
Information Security Technical Report
XACML is designed to express authorization policies in XML against objects that are themselves identified in XML. ...
One of the most challenging problems in managing large, distributed, and heterogeneous networked systems is specifying and enforcing security policies regulating interactions between parties and access ...
XACML allows the definition of more than one subject relevant to a decision request. • Policy distribution support. ...
doi:10.1016/s1363-4127(04)00030-5
fatcat:gknec4g3ezb4pluh44wzc3heqm
Deductive policies with XACML
2009
Proceedings of the 2009 ACM workshop on Secure web services - SWS '09
In this paper we present an extension of the XACML language to support deduction of decisions, together with a distributed definition of the policies and at the same time avoiding problems known from current ...
OASIS XACML is being used in many applications and services nowadays. Additionally, tools for modeling the policies are available and many engineers share common understanding of this approach. ...
EXTENDING XACML TOWARD DEDUC-TIVE POLICIES Although the current version of XACML does not support a distributed decision making it is widely used to specify the access policies and supporting tools are ...
doi:10.1145/1655121.1655130
dblp:conf/sws/LischkaEC09
fatcat:hpbrkfbghrbzpmij772hgg5s24
A XML Policy-Based Approach for RSVP
[chapter]
2004
Lecture Notes in Computer Science
This work proposes a XML-based framework for distributing and enforcing RSVP access control policies, for RSVP-aware application servers. ...
Policies are represented by extending XACML, the general purpose access control language proposed by OASIS. ...
The section 6 describes how to implement the framework for distributing and enforcing the RSVP policies described in XACML. ...
doi:10.1007/978-3-540-27824-5_156
fatcat:hrq67idol5aghflefku5h2gl2m
« Previous
Showing results 1 — 15 out of 2,171 results