Abstract :
[en] Policy-based systems rely on the separation of concerns, by implementing independently a software system and its associated security policy. XACML (eXtensible Access Control Markup Language) proposes a conceptual architecture and a policy language to reflect this ideal design of policy-based systems.However, while rights are well-captured by authorizations, duties, also called obligations, are not well managed by XACML architecture. The current version of XACML lacks (1) well-defined syntax to express obligations and (2) an unified model to handle decision making w.r.t. obligation states and the history of obligations fulfillment/ violation. In this work, we propose an extension of XACML reference model that integrates obligation states in the decision making process.We have extended XACML language and architecture for a better obligations support and have shown how obligations are managed in our proposed extended XACML architecture: OB-XACML. © Springer International Publishing Switzerland 2015.
Scopus citations®
without self-citations
1