Adding Support to XACML for Multi-Domain User to User Dynamic Delegation of Authority

Chadwick, David W. and Otenko, Sassa and Nguyen, Tuan Anh (2009) Adding Support to XACML for Multi-Domain User to User Dynamic Delegation of Authority. International Journal of Information Security, 8 (2). pp. 182-196. (Full text available)

PDF - Accepted Version
Download (486kB) Preview
[img]
Preview
Official URL
http://www.cs.kent.ac.uk/pubs/2009/3024

Abstract

Abstract. We describe adding support for dynamic delegation of authority between users in multiple administrative domains, to the XACML model for authorisation decision making. Delegation of authority is enacted via the issuing of credentials from one user to another, and follows the role based access control model. We present the problems and requirements that such a delegation model demands, the policy elements that are necessary to control the delegation chains and a description of the architected solution. We propose a new conceptual entity called the Credential Validation Service (CVS) to work alongside the XACML PDP. We describe our implementation of the CVS and present performance measurements for validating delegated chains of credentials.

Item Type: Article
Uncontrolled keywords: determinacy analysis, Craig interpolants
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Faculties > Science Technology and Medical Studies > School of Computing > Security Group
Depositing User: David Chadwick
Date Deposited: 21 Sep 2012 09:49
Last Modified: 14 May 2014 10:47
Resource URI: http://kar.kent.ac.uk/id/eprint/30605 (The current URI for this page, for reference purposes)
  • Depositors only (login required):

Downloads

Downloads per month over past year