Skip to main content

Adding Support to XACML for Multi-Domain User to User Dynamic Delegation of Authority

Chadwick, David W., Otenko, Sassa, Nguyen, Tuan Anh (2009) Adding Support to XACML for Multi-Domain User to User Dynamic Delegation of Authority. International Journal of Information Security, 8 (2). pp. 182-196. (doi:10.1007/s10207-008-0073-y) (KAR id:30605)

PDF Author's Accepted Manuscript
Language: English
Click to download this file (502kB) Preview
[thumbnail of Adding DOA to XACMLIJIS.pdf]
This file may not be suitable for users of assistive technology.
Request an accessible format
Official URL:


Abstract. We describe adding support for dynamic delegation of authority between users in multiple administrative domains, to the XACML model for authorisation decision making. Delegation of authority is enacted via the issuing of credentials from one user to another, and follows the role based access control model. We present the problems and requirements that such a delegation model demands, the policy elements that are necessary to control the delegation chains and a description of the architected solution. We propose a new conceptual entity called the Credential Validation Service (CVS) to work alongside the XACML PDP. We describe our implementation of the CVS and present performance measurements for validating delegated chains of credentials.

Item Type: Article
DOI/Identification number: 10.1007/s10207-008-0073-y
Uncontrolled keywords: determinacy analysis, Craig interpolants
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: David Chadwick
Date Deposited: 21 Sep 2012 09:49 UTC
Last Modified: 16 Nov 2021 10:08 UTC
Resource URI: (The current URI for this page, for reference purposes)
Chadwick, David W.:
  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.