Access control rules are currently administered by highly qualified personnel. Thus, the technical barrier that specialized access control languages represent naturally prevents the prime decision maker from effectively controlling such access. The usability is even worse in the case of access control applications targeting an average consumer, where customers who are casual users are expected to administer their own rules, e.g. in the case of financial services. XACML is one of the most powerful access control languages because it allows the definition of complex conditions. In order to make XACML usable in such applications, there is a need for fully non-technical rule editors. We propose a notation for XACML rules containing conditions that combines the usual tree properties of logical expressions with an accessible, natural-language-like format. Our early experience indicates that such rules can be grasped by non-technical users wishing to develop and control rules for accessin...
Bernard Stepien, Amy P. Felty, Stan Matwin