An Algebra for Fine-grained Integration of XACML Policies
Collaborative and distributed applications, such as dynamic coalitions and virtualized grid computing, often require integrating access control policies of collaborating parties. Such an integration must be able to support complex authorization specifications and the fine-grained integration requirements that the various parties may have. In this paper, we introduce an algebra for fine-grained integration of sophisticated policies. The algebra, which consists of three binary and two unary operations, is able to support the specification of a large variety of integration constraints. To assess the expressive power of our algebra, we introduce a notion of completeness and prove that our algebra is complete with respect to this notion. We then propose a framework that uses the algebra for the fine-grained integration of policies expressed in XACML. We also present a methodology for generating the actual integrated XACML policy, based on the notion of Multi-Terminal Binary Decision Diagrams.
P. Rao et al., "An Algebra for Fine-grained Integration of XACML Policies," Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, Association for Computing Machinery (ACM), Jan 2009.
The definitive version is available at http://dx.doi.org/10.1145/1542207.1542218
United States. Air Force. Office of Scientific Research
National Science Foundation (U.S.)
Keywords and Phrases
XACML; Access Control; Policy Integration; Security
Article - Conference proceedings
© 2009 Association for Computing Machinery (ACM), All rights reserved.