Contextualisation of ABAC Attributes through a Generic XACML Functionality Extension Mechanism

Brecht Claerhout, Kristof De Schepper, David Pérez del Rey, Anca Bucur

Abstract

Authorisation solutions that exist today offer a broad range of functionality for defining complex access control policies. A common requirement that is not covered by these solutions is dynamically instantiated contexts in collaborative environments. This requirement is one of the research topics of the EU funded INTEGRATE project. This paper will focus on the solution proposed for the INTEGRATE project which is XACML based. The approach taken to make XACML context aware, is to enrich the XACML specification using a contextual extension through a generic mechanism, without changing the XACML language itself. This contextual extension operates on the XACML requests with ultimate goal to simplify the management of context aware policies.

References

  1. OASIS, 2005, 'XACML: eXtensible Access Control Markup Language', Version 2.0, Available from: <http://docs.oasis-open.org/xacml/2.0/access_controlxacml-2.0-core-spec-os.pdf>. [16 July 2012]
  2. Chadwick, D, Zhao, G, Otenko, S, Laborde, R, Su, L, Anh Nguyen, T, 2008, 'PERMIS: a modular authorization infrastructure', Concurrency and Computation: Practice and Experience, vol. 20, no. 11, pp. 1341- 1357
  3. Damianou, N, Dulay, N, Lupu, E, Sloman, M, 2001, 'The Ponder Policy Specification Language', POLICY 2001 Proceedings of the International Workshop on Policies for Distributed Systems and Networks, pp. 18- 38
  4. Moritz, Y, Becker, PS, 2004, 'Cassandra: Distributed Access Control Policies with Tunable Expressiveness, Policies for Distributed Systems and Networks', POLICY 2004 Proceedings of the Fifth IEEE International Workshop, pp. 159 - 168
  5. Ciuciu, I, Claerhout, B, Schilders, L, and Meersman, R, 2011, 'Ontology-Based Matching of Security Attributes for Personal Data Access in e-Health', OTM'11, vol. 2, pp. 605-616
  6. INTEGRATE, 2012, 'INTEGRATE: Driving Excellence in Integrative Cancer Research', Available from: <http://www.fp7-integrate.eu/>. [16 July 2012]
  7. Foster, I, Kesselman, C, Tuecke, S, 2001, 'The Anatomy of the Grid: Enabling Scalable Virtual Organizations', International Journal of Supercomputer Applications, vol. 15, no. 3, pp. 200-222
Download


Paper Citation


in Harvard Style

Claerhout B., De Schepper K., Pérez del Rey D. and Bucur A. (2013). Contextualisation of ABAC Attributes through a Generic XACML Functionality Extension Mechanism . In Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013) ISBN 978-989-8565-37-2, pages 52-57. DOI: 10.5220/0004224700520057


in Bibtex Style

@conference{healthinf13,
author={Brecht Claerhout and Kristof De Schepper and David Pérez del Rey and Anca Bucur},
title={Contextualisation of ABAC Attributes through a Generic XACML Functionality Extension Mechanism},
booktitle={Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013)},
year={2013},
pages={52-57},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004224700520057},
isbn={978-989-8565-37-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013)
TI - Contextualisation of ABAC Attributes through a Generic XACML Functionality Extension Mechanism
SN - 978-989-8565-37-2
AU - Claerhout B.
AU - De Schepper K.
AU - Pérez del Rey D.
AU - Bucur A.
PY - 2013
SP - 52
EP - 57
DO - 10.5220/0004224700520057