

Towards Session-Aware RBAC Administration and Enforcement with XACML

Abstract—An administrative role-based access control (ARBAC) model specifies administrative policies over a role-based access control (RBAC) system, where an administrative permission may change an RBAC policy by updating permissions assigned to roles, or assigning/revoking users to/from roles. Consequently, enforcing ARBAC policies over an active access controller while some users are using protected resources would result in conflicts: a policy may be in effect in the RBAC system while being updated by an ARBAC operation. Towards solving this concurrency problem, we propose a session-aware administrative model for RBAC. We show how the concurrency problem can be resolved by enhancing the eXtensible Access Control Markup Language (XACML) reference implementation. In order to do so, we develop an XACML-ARBAC profile to specify ARBAC policies, and enforce these policies by building an ARBAC enforcement module and a session administrative module. The former synchronizes with the eval...
Added 27 May 2010
Updated 27 May 2010
Type Conference
Year 2009
Authors Min Xu, Duminda Wijesekera, Xinwen Zhang, Deshan Cooray