International audienceIn this paper we present a system permitting controlled policy administration and delegation using the XACML access control system. The need for these capabilities stems from the use of XACML in the SweGrid Accounting System, which is used to enforce resource allocations to Swedish research projects. Our solution uses a second access control system Delegent, which has powerful delegation capabilities. We have implemented limited XML access control in Delegent, in order to supervise modifications of the XML-encoded XACML policies. This allows us to use the delegation capabilities of Delegent together with the expressive access level permissions of XACML
One of the most challenging problems in managing large, distributed, and heterogeneous networked sys...
Policy-based authorization systems have been largely deployed nowadays to control different privileg...
XACML has become the defacto standard for enterprise- wide, policy-based access control. It is a str...
Abstract This paper presents an infrastructure that enables the use of administrative delegation in ...
In access control and digital rights management, del-egation introduces the ability to decentralize ...
The XACML standard defines an XML based language for defining access control policies and a related ...
We propose a formal account of XACML, an OASIS standard adhering to the Policy Based Access Control ...
The access control mechanisms are critical to ensure security in XML (extensible markup language). S...
Most access control mechanisms focus on how to define the rights of users in a precise way to preven...
Abstract. We present a formal, tool-supported approach to the design and maintenance of access contr...
Abstract. We describe adding support for dynamic delegation of authority between users in multiple a...
The extensible access control markup language (XACML) is the standard ac-cess control policy specifi...
This work proposes a XML-based framework for distributing and enforcing RSVP access control policies...
Abstract The paper addresses the issue of providing access control via delegation and constraint man...
Language) is a declarative access control policy language that has unique language constructs for fa...
One of the most challenging problems in managing large, distributed, and heterogeneous networked sys...
Policy-based authorization systems have been largely deployed nowadays to control different privileg...
XACML has become the defacto standard for enterprise- wide, policy-based access control. It is a str...
Abstract This paper presents an infrastructure that enables the use of administrative delegation in ...
In access control and digital rights management, del-egation introduces the ability to decentralize ...
The XACML standard defines an XML based language for defining access control policies and a related ...
We propose a formal account of XACML, an OASIS standard adhering to the Policy Based Access Control ...
The access control mechanisms are critical to ensure security in XML (extensible markup language). S...
Most access control mechanisms focus on how to define the rights of users in a precise way to preven...
Abstract. We present a formal, tool-supported approach to the design and maintenance of access contr...
Abstract. We describe adding support for dynamic delegation of authority between users in multiple a...
The extensible access control markup language (XACML) is the standard ac-cess control policy specifi...
This work proposes a XML-based framework for distributing and enforcing RSVP access control policies...
Abstract The paper addresses the issue of providing access control via delegation and constraint man...
Language) is a declarative access control policy language that has unique language constructs for fa...
One of the most challenging problems in managing large, distributed, and heterogeneous networked sys...
Policy-based authorization systems have been largely deployed nowadays to control different privileg...
XACML has become the defacto standard for enterprise- wide, policy-based access control. It is a str...