An extended RBAC profile of XACML

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2006, Pages 13-21

  Haidar, Diala Abi ^a,b   Cuppens Boulahia, Nora ^a   Cuppens, Frederic ^a   Debar, Herve ^b  

^a ECOLE DES MINES DE NANTES   (France)

^b ORANGE LABS   (France)

Author keywords

Access control; OrBAC; RBAC; XACML

Indexed keywords

ACCESS CONTROL POLICIES; BUSINESS OBJECTIVES; CONTROL ACCESS; EXTENSIBLE ACCESS CONTROL MARKUP LANGUAGES; OTHER APPLICATIONS; RBAC MODEL; SECURITY POLICY;

LINGUISTICS; MARKUP LANGUAGES; SECURITY SYSTEMS; SOCIETIES AND INSTITUTIONS; WEB SERVICES;

ACCESS CONTROL;

EID: 77954329159     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1180367.1180372     Document Type: Conference Paper

References (27)

1. Web-services policy language use-cases and requirements. Working draft 04, OASIS, April 2003.
2. XACML profile for Web-services. Working draft 04, OASIS, September 2003.
3. Core and hierarchical role based access control (RBAC) profile of XACML v2.0. Standard, OASIS, February 2005.
4. eXtensible Access Control Markup Language (XACML) Version 2. Standard, OASIS, February 2005.
5. SAML 2.0 profile of XACML v2.0. Standard, OASIS, February 2005.
6. SAML V2.0 Executive Overview. Committee DRAFT 01, OASIS, April 2005.
7. Security Assertion Markup Language (SAML) V2.0 Technical Overview. Working Draft 07, OASIS, July 2005.
8. Web Services Security: Key Industry Standards and Emerging Specifications Used for Securing Web Services. White Paper, Computer Associates, January 2005.
9. XACML v3.0 administrative policy. Working draft 10, OASIS, December 2005.
10. Web Services Security : SOAP Message Security 1.1(WS-Security 2004). Standard Specification, OASIS, February 2006.
11. Yuan Rao and Bo-Qin Feng and Jin-Cang Han and Zun-Chao Li. SX-RSRPM: a security integrated model for Web services. In Proceedings of the Third International Conference on Machine Learning and Cybernetics, Shanghai, August 2004.
12. Ezedin S. Barka and Ravi S. Sandhu. Framework for Role-Based Delegation Models. In 16th Annual Computer Security Applications Conference, New Orleans, Louisiana, December 2000.
13. E. Bertino, B. Catania, E. Ferrari, and P. Perlasca. A Logical Framework for Reasoning about Access Control Models. ACM Transactions on Information and System Security, 6(1), February 2003.
14. E. Bertino, E. Catania, M. Damiani, and P. Persasca. GEO-RBAC: A Spatially Aware RBAC. In 10th ACM Symposium on Access Control Models and Technologies (SACMAT 2005), Chantilly, Virginia, USA, May 2001.
15. L. Cholvy and F. Cuppens. Analyzing Consistency of Security Policies. In IEEE Symposium on Security and Privacy, Oakland, CA, May 1997.
16. D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and Systems Security (TISSEC), 4(3), 2001.
17. Frederic Cuppens and Alexandre Miege. Modelling Contexts in the Or-BAC Model. ACSAC, page 416, 2003.
18. George Yee and Larry Korba. Negotiated Security Policies for E-Services and Web Services. In Proceedings of the 2005 IEEE International Conference on Web Services (ICWS), July 2005.
19. M.A. Harrison, M.L. Ruzzo, and J.D. Ullman. Protection in operating systems. Communications of the ACM, 19(8):461-471, 1976.
20. S. Jajodia, P. Samarati, M.L. Sapino, and V.S. Subrahmanian. Flexible Support for Multiple Access Control Policies. ACM Transactions on Database Systems, 26(2), June 2001.
21. J. B. D. Joshi, E. Bertino, U. Latif, and A. Ghafoor. Generalized Temporal Role-Based Access Control Model. 17(1):4-23, January 2005.
22. Alexandre Miege. Definition of a formal framework for specifying security policies. The Or-BAC model and extensions. PhD thesis, ENST, June 2005.
23. M.J. Moyer and M. Abamad. Generalized role-based access control. 21st International Conference on Distributed Computing Systems, pages 391-398, April 2001.
24. R Sandhu, D Ferraiolo, and R Kuhn. The NIST model for role-based access control: towards a unified standard. Proceedings of the fifth ACM workshop on Role-based access control, pages 47-63, 2000.
25. Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-Based Access Control Models. Computer, 29(2):38-47, February 1996.
26. R. K. Thomas and R. S. Sandhu. Task-based Authorization Controls(TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management. In Proceedings of the IFIP WG11.3 Workshop on Database Security, Lake Tahoe, California, August 1997.
27. E. Yuan and J. Tong. Attribute based access control (ABAC): a new access control approach for service oriented architectures. Ottawa New Challenges for Access Control Workshop, April 2005.