Adding Support to XACML for Dynamic Delegation of Authority in Multiple Domains

Chadwick, David W. and Otenko, Sassa and Nguyen, Tuan Anh (2006) Adding Support to XACML for Dynamic Delegation of Authority in Multiple Domains. In: Communications and Multimedia Security. Lecture Notes in Computer Science, 4237 . Springer Berlin/Heidelberg , pp. 67-86. ISBN 978-3-540-47820-1. (Full text available)

PDF
Download (424kB)
[img]
Preview
Official URL
http://dx.doi.org/10.1007/11909033

Abstract

In this paper we describe how we have added support for dynamic delegation of authority that is enacted via the issuing of credentials from one user to another, to the XACML model for authorisation decision making. Initially we present the problems and requirements that such a model demands, considering that multiple domains will typically be involved. We then describe our architected solution based on the XACML conceptual and data flow models. We also present at a conceptual level the policy elements that are necessary to support this model of dynamic delegation of authority. Given that these policy elements are significantly different to those of the existing XACML policy, we propose a new conceptual entity called the Credential Validation Service (CVS), to work alongside the XACML PDP in the authorisation decision making. Finally we present an overview of our first specification of such a policy and its implementation in the corresponding CVS.

Item Type: Book section
Uncontrolled keywords: delegation, multiple domains, authority
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Faculties > Science Technology and Medical Studies > School of Computing > Security Group
Depositing User: Mark Wheadon
Date Deposited: 24 Nov 2008 18:03
Last Modified: 06 Sep 2011 01:31
Resource URI: http://kar.kent.ac.uk/id/eprint/14405 (The current URI for this page, for reference purposes)
  • Depositors only (login required):

Downloads

Downloads per month over past year