USING MICROSOFT OFFICE INFOPATH TO GENERATE XACML POLICIES
Manuel Sánchez, Gabriel López, Antonio F. Gómez-Skarmeta, Óscar Cánovas
2006
Abstract
Today, when organizations perform access control over their resources, they are interested not only in the user’s identity but also in other data such as the user’s attributes or contextual information. These requirements arise, for example, in a network access control scenario where end users pay for a specific access level and, depending on it, receive a different network quality of service. The network provider has to check not only the user’s identity but also the user’s attributes to make sure that the user can access the specified resource. These systems rely on policy languages to define the authorization process. However, due to the increasing complexity of current systems, policies are becoming more and more complex for system administrators to manage. Therefore, in this paper we present a user-friendly approach to policy specification, based on high-level templates and common desktop applications. These templates are easily built from XML schemas, and once they have been filled in, an XACML policy is automatically generated using an XML transformation.
Paper Citation
in Harvard Style
Sánchez M., López G., F. Gómez-Skarmeta A. and Cánovas Ó. (2006). USING MICROSOFT OFFICE INFOPATH TO GENERATE XACML POLICIES. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 379-386. DOI: 10.5220/0002096803790386
in Bibtex Style
@conference{secrypt06,
author={Manuel Sánchez and Gabriel López and Antonio F. Gómez-Skarmeta and Óscar Cánovas},
title={USING MICROSOFT OFFICE INFOPATH TO GENERATE XACML POLICIES},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={379-386},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002096803790386},
isbn={978-972-8865-63-4},
}
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - USING MICROSOFT OFFICE INFOPATH TO GENERATE XACML POLICIES
SN - 978-972-8865-63-4
AU - Sánchez M.
AU - López G.
AU - F. Gómez-Skarmeta A.
AU - Cánovas Ó.
PY - 2006
SP - 379
EP - 386
DO - 10.5220/0002096803790386