An Extensible XACML Authorization Web Service: Application to Dynamic Web Sites Access Control

Author

Laborde, Romain ; Cheaito, Marwan ; Barrère, François ; Benzekri, Abdelmalek

Author_Institution

IRIT, Univ. Paul Sabatier, Toulouse, France

fYear

2009

fDate

Nov. 29 2009-Dec. 4 2009

Firstpage

499

Lastpage

505

Abstract

Attribute Based Access Control can define permissions based on just about any security relevant characteristics of requestors, actions, resources, and environment, known as attributes. XACML is an access control OASIS standard compliant to this approach. Although XACML seems to allow the specification and enforcement of any access control policy, current tools can require modifying the source code of the authorization decision system when policy includes non-standard information. In this article, we present an XACML authorization web service that can be extended when needed. It is composed of a core element implementing OASIS standard and additional modules for new security information. We apply this approach to dynamic web sites access control management.

Keywords

Web services; XML; authorisation; access control OASIS standard compliant; access control policy specification; attribute based access control; authorization decision system; dynamic Web sites access control; extensible XACML authorization Web service; security relevant characteristics; Authorization; Context; Java; Web pages; dynamic web sites access control; eXtensible Access Control Markup Language (XACML); extensible authorization decision engine;

fLanguage

English

Publisher

ieee

Conference_Titel

Signal-Image Technology & Internet-Based Systems (SITIS), 2009 Fifth International Conference on

Conference_Location

Marrakesh

Print_ISBN

978-1-4244-5740-3

Electronic_ISBN

978-0-7695-3959-1

Type

conf

DOI

10.1109/SITIS.2009.83

Filename

5630092