Supporting RBAC with XACML+OWL

XACML does not natively support RBAC and even the specialized XACML profiles are not able to support many relevant constraints such as static and dynamic separation of duty. Extending XACML to support such constraints, however, is an issue that requires extensions not only to the XACML language but also to the XACML reference architecture and engine. In this paper we introduce XACML+OWL, a framework that integrates OWL ontologies and XACML policies for supporting RBAC. The basic idea is to decouple the design of an RBAC system by modeling the role hierarchy and the constraints with an OWL ontology and the authorization policies with XACML. In doing this, we introduce new functions that extend policies with semantic reasoning services based on the OWL ontology. As part of such extension, we extend the reference architecture of XACML and the XACML data-flow for access control decisions with the invocation of such functions.
Date: June 30, 2009
Type: Article
Edition: 14th
Chapter: ACM
Publisher: Symposium on Access control models and technologies (SACMAT 2009)
Address: Stresa, Italy

Bibtex


@Article{Supporting_RBAC_with_XACML_OWL,
  author = "Rodolfo Ferrini and Elisa Bertino",
  title = "{Supporting RBAC with XACML+OWL}",
  month = "June",
  year = "2009",
  edition = "14th",
  chapter = "ACM",
  address = "Stresa, Italy",
  publisher = "Symposium on Access control models and technologies (SACMAT 2009)",
}