XML-Based Distributed Access Control System

Title: XML-Based Distributed Access Control System
Publication Type: Conference Paper
Year of Publication: 2002
Authors: J. Lopez, A. Mana, and M. I. Yague
Conference Name: Third International Conference on E-Commerce and Web Technologies (ECWeb’02)
Series Title: LNCS
Date Published: September

The use of attribute certificates and the concept of mobile policies have been proposed to overcome some of the limitations of the role-based access control (RBAC) paradigm and to implement security requirements such as the “originator controlled” (ORCON) policy. Mobile policies are attached to the data that they control and enforced by their execution in trusted servers. In this paper we extend this idea to allow the execution of the policies in untrusted systems. Our extension allows policies to be bound to the data but not attached to it. With this modification, security administrators are able to change policies dynamically and transparently. Additionally, we introduce X-ACS, an XML-based language designed to express policies in a simple and unambiguous way, overcoming the limitations of other approaches. Important features of X-ACS are that it can be used by processors with limited capabilities, such as smart cards, while allowing the automated validation of policies.

Citation Key: JavierLopez2002e