An extended RBAC profile of XACML

Diala Abi Haidar; Nora Cuppens-Boulahia; Frederic Cuppens; Herve Debar

doi:10.1145/1180367.1180372

An extended RBAC profile of XACML

Diala Abi Haidar
, Nora Cuppens-Boulahia
, Frederic Cuppens
, Herve Debar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Nowadays many organizations use security policies to control access to sensitive resources. Moreover, exchanging or sharing services and resources is essential for these organizations to achieve their business objectives. Since the eXtensible Access Control Markup Language (XACML) was standardized by the OASIS community, it has been widely deployed, making it easier to interoperate with other applications using the same standard language. The OASIS has defined an RBAC profile of XACML that illustrates how organizations that would like to use the RBAC model can express their access control policy within this standard language. This work analyzes the RBAC profile of XACML, showing its limitations to respond to all the requirements for access control. We then suggest adding some functionalities within an extended RBAC profile of XACML. This new profile is expected to respond to more advanced access control requirements such as user-user delegation, access elements abstractions and contextual applicability of the policies.

Original language	English
Title of host publication	Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS '06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06
Pages	13-21
Number of pages	9
DOIs	https://doi.org/10.1145/1180367.1180372
Publication status	Published - 1 Dec 2006
Externally published	Yes
Event	3rd ACM Workshop on Secure Web Services, SWS'06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06 - Alexandria, VA, United States Duration: 30 Oct 2006 → 3 Nov 2006

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	3rd ACM Workshop on Secure Web Services, SWS'06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06
Country/Territory	United States
City	Alexandria, VA
Period	30/10/06 → 3/11/06

Keywords

Access control
OrBAC
RBAC
XACML

Access to Document

10.1145/1180367.1180372

Cite this

Haidar, D. A., Cuppens-Boulahia, N., Cuppens, F., & Debar, H. (2006). An extended RBAC profile of XACML. In Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS '06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06 (pp. 13-21). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/1180367.1180372

@inproceedings{d2c6ce62ad5842cab6c08d5b00cb36ea,

title = "An extended RBAC profile of XACML",

abstract = "Nowadays many organizations use security policies to control access to sensitive resources. Moreover, exchanging or sharing services and resources is essential for these organizations to achieve their business objectives. Since the eXtensible Access Control Markup Language (XACML) was standardized by the OASIS community, it has been widely deployed, making it easier to interoperate with other applications using the same standard language. The OASIS has defined an RBAC profile of XACML that illustrates how organizations that would like to use the RBAC model can express their access control policy within this standard language. This work analyzes the RBAC profile of XACML, showing its limitations to respond to all the requirements for access control. We then suggest adding some functionalities within an extended RBAC profile of XACML. This new profile is expected to respond to more advanced access control requirements such as user-user delegation, access elements abstractions and contextual applicability of the policies.",

keywords = "Access control, OrBAC, RBAC, XACML",

author = "Haidar, \{Diala Abi\} and Nora Cuppens-Boulahia and Frederic Cuppens and Herve Debar",

year = "2006",

month = dec,

day = "1",

doi = "10.1145/1180367.1180372",

language = "English",

isbn = "1595935460",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "13--21",

booktitle = "Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS '06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06",

note = "3rd ACM Workshop on Secure Web Services, SWS'06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06 ; Conference date: 30-10-2006 Through 03-11-2006",

}

Haidar, DA, Cuppens-Boulahia, N, Cuppens, F & Debar, H 2006, An extended RBAC profile of XACML. in Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS '06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06. Proceedings of the ACM Conference on Computer and Communications Security, pp. 13-21, 3rd ACM Workshop on Secure Web Services, SWS'06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06, Alexandria, VA, United States, 30/10/06. https://doi.org/10.1145/1180367.1180372

An extended RBAC profile of XACML. / Haidar, Diala Abi; Cuppens-Boulahia, Nora; Cuppens, Frederic et al.
Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS '06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06. 2006. p. 13-21 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An extended RBAC profile of XACML

AU - Haidar, Diala Abi

AU - Cuppens-Boulahia, Nora

AU - Cuppens, Frederic

AU - Debar, Herve

PY - 2006/12/1

Y1 - 2006/12/1

N2 - Nowadays many organizations use security policies to control access to sensitive resources. Moreover, exchanging or sharing services and resources is essential for these organizations to achieve their business objectives. Since the eXtensible Access Control Markup Language (XACML) was standardized by the OASIS community, it has been widely deployed, making it easier to interoperate with other applications using the same standard language. The OASIS has defined an RBAC profile of XACML that illustrates how organizations that would like to use the RBAC model can express their access control policy within this standard language. This work analyzes the RBAC profile of XACML, showing its limitations to respond to all the requirements for access control. We then suggest adding some functionalities within an extended RBAC profile of XACML. This new profile is expected to respond to more advanced access control requirements such as user-user delegation, access elements abstractions and contextual applicability of the policies.

AB - Nowadays many organizations use security policies to control access to sensitive resources. Moreover, exchanging or sharing services and resources is essential for these organizations to achieve their business objectives. Since the eXtensible Access Control Markup Language (XACML) was standardized by the OASIS community, it has been widely deployed, making it easier to interoperate with other applications using the same standard language. The OASIS has defined an RBAC profile of XACML that illustrates how organizations that would like to use the RBAC model can express their access control policy within this standard language. This work analyzes the RBAC profile of XACML, showing its limitations to respond to all the requirements for access control. We then suggest adding some functionalities within an extended RBAC profile of XACML. This new profile is expected to respond to more advanced access control requirements such as user-user delegation, access elements abstractions and contextual applicability of the policies.

KW - Access control

KW - OrBAC

KW - RBAC

KW - XACML

UR - https://www.scopus.com/pages/publications/77954329159

U2 - 10.1145/1180367.1180372

DO - 10.1145/1180367.1180372

M3 - Conference contribution

AN - SCOPUS:77954329159

SN - 1595935460

SN - 9781595935465

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 13

EP - 21

BT - Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS '06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06

T2 - 3rd ACM Workshop on Secure Web Services, SWS'06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06

Y2 - 30 October 2006 through 3 November 2006

ER -

An extended RBAC profile of XACML

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this