• DocumentCode
    1943809
  • Title

    Implementing ACL-Based Policies in XACML

  • Author

    Karjoth, Günter ; Schade, Andreas ; Van Herreweghen, E.

  • Author_Institution
    Zurich Res. Lab., IBM Res., Zurich
  • fYear
    2008
  • fDate
    8-12 Dec. 2008
  • Firstpage
    183
  • Lastpage
    192
  • Abstract
    XACML is commonly used as a policy exchange mechanism, decision engines are available, and verification tools are under development. However, no support for legacy access control systems exists yet. To explore the feasibility to support legacy systems, we designed and implemented a mapping of the IBM® Tivoli® Access Manager policy language into XACML. Although the Tivoli Access Manager policy language, being ACL-based, is simpler in general, it turned out to be a non-trivial task to encode the interplay of the Tivoli Access Manager policy elements and decision logic within XACML. To achieve this task, we had to come up with a novel use of XACML features.
  • Keywords
    XML; authorisation; decision theory; formal logic; ACL-based policies; IBM Tivoli Access Manager policy language; XACML; decision engines; decision logic; policy exchange mechanism; Access control; Application software; Authorization; Computer security; Laboratories; Logic; Permission; Protection; Resource management; Search engines; Access control; Access control policy language; Policy translation; XACML;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 2008. ACSAC 2008. Annual
  • Conference_Location
    Anaheim, CA
  • ISSN
    1063-9527
  • Print_ISBN
    978-0-7695-3447-3
  • Type

    conf

  • DOI
    10.1109/ACSAC.2008.31
  • Filename
    4721556