Title :
An Extensible XACML Authorization Web Service: Application to Dynamic Web Sites Access Control
Author :
Laborde, Romain ; Cheaito, Marwan ; Barrère, François ; Benzekri, Abdelmalek
Author_Institution :
IRIT, Univ. Paul Sabatier, Toulouse, France
fDate :
Nov. 29 2009-Dec. 4 2009
Abstract :
Attribute Based Access Control can define permissions based on just about any security relevant characteristics of requestors, actions, resources, and environment, known as attributes. XACML is an access control OASIS standard compliant to this approach. Although XACML seems to allow the specification and enforcement of any access control policy, current tools can require modifying the source code of the authorization decision system when policy includes non-standard information. In this article, we present an XACML authorization web service that can be extended when needed. It is composed of a core element implementing OASIS standard and additional modules for new security information. We apply this approach to dynamic web sites access control management.
Keywords :
Web services; XML; authorisation; access control OASIS standard compliant; access control policy specification; attribute based access control; authorization decision system; dynamic Web sites access control; extensible XACML authorization Web service; security relevant characteristics; Authorization; Context; Java; Web pages; dynamic web sites access control; eXtensible Access Control Markup Language (XACML); extensible authorization decision engine;
Conference_Titel :
Signal-Image Technology & Internet-Based Systems (SITIS), 2009 Fifth International Conference on
Conference_Location :
Marrakesh
Print_ISBN :
978-1-4244-5740-3
Electronic_ISBN :
978-0-7695-3959-1
DOI :
10.1109/SITIS.2009.83
