Title :
Implementing ACL-Based Policies in XACML
Author :
Karjoth, Günter ; Schade, Andreas ; Van Herreweghen, E.
Author_Institution :
Zurich Res. Lab., IBM Res., Zurich
Abstract :
XACML is commonly used as a policy exchange mechanism, decision engines are available, and verification tools are under development. However, no support for legacy access control systems exists yet. To explore the feasibility of supporting legacy systems, we designed and implemented a mapping of the IBM® Tivoli® Access Manager policy language into XACML. Although the Tivoli Access Manager policy language, being ACL-based, is simpler in general, it turned out to be a non-trivial task to encode the interplay of the Tivoli Access Manager policy elements and decision logic within XACML. To achieve this task, we had to come up with a novel use of XACML features.
Keywords :
XML; authorisation; decision theory; formal logic; ACL-based policies; IBM Tivoli Access Manager policy language; XACML; decision engines; decision logic; policy exchange mechanism; Access control; Application software; Authorization; Computer security; Laboratories; Logic; Permission; Protection; Resource management; Search engines; Access control; Access control policy language; Policy translation; XACML;
Conference_Title :
Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Conference_Location :
Anaheim, CA
Print_ISBN :
978-0-7695-3447-3
DOI :
10.1109/ACSAC.2008.31