Protocol for Certificate Based Access Control Policies Description Language

  • Jerzy Pejaś
  • Paweł Sukiennik

Abstract

Access control in widely distributed networks has to be separated into domains to make it easily scalable and manageable. The management system also has to be automated to reduce complexity. Role-based access control makes it possible to achieve this goal; however, adding public key infrastructure to the RBAC approach would expand system capabilities in many ways. One of them is the ability to specify certificate-based policies, which allow users from untrusted sources to access system resources. Adding a digital signature to policies increases system security. This paper describes a communication protocol in a certificate-based access control system, based on the XACML standard described in [1].

Key words

certificate-based access control role-based access control domain policy digital signature PKI PMI XACML 

References

  [1] Simon Godik, Tim Moses. 2003. eXtensible Access Control Markup Language (XACML) Version 1.0. Oasis Open 2003.
  [2] A Brief Introduction to XACML. Sun Microsystems 2003.
  [3] D.W. Chadwick, A. Otenko. RBAC Policies in XML for X.509 Based Privileges Management. University of Salford.
  [4] M. Bartel, J. Boyer, B. Fox, B. LaMacchia, E. Simon. XML Signature Syntax and Processing. W3C Recommendation 2002.
  [5] R. Chandramouli. Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints. NIST Computer Security Division.
  [6] X. Zhang, J. Park, R. Sandhu. Schema Based XML Security: RBAC Approach. 17th IFIP 11.3 Working Conference on Data and Application Security, Estes Park, Colorado, USA, August 4–6.
  [7] R. Chandramouli. Application of XML Tools for Enterprise-Wide RBAC Implementation Tasks. NIST Computer Security Division.
  [8] J. Pejaś, P. Sukiennik. Access Control Description Language in Wide Distributed Systems. VI Krajowa Konferencja Naukowo-Techniczna. Diagnostyka Procesów Przemysłowych.
  [9] P. Sukiennik. Framework for Certificate-Based Access Control Policies Description Language Ponder. Advanced Computer Systems 2003.
  [10] M. Kurkowski, J. Pejaś. A Propositional Logic for Access Control in Distributed Systems. In Artificial Intelligence and Security in Computing Systems, Kluwer Academic Publishers, Boston/Dordrecht/London 2003.
  [11] J. Pejaś. Certificate-Based Access Control Policies Description Language. In Artificial Intelligence and Security in Computing Systems, Kluwer Academic Publishers, Boston/Dordrecht/London 2003.

Copyright information

© Springer Science+Business Media, Inc. 2005

Authors and Affiliations

  • Jerzy Pejaś (1)
  • Paweł Sukiennik (1)

  1. Faculty of Computer Science & Information Systems, Technical University of Szczecin, Szczecin
