Abstract
This paper describes a role-based access control (RBAC) policy template for use by privilege management infrastructures where the roles are stored as X.509 Attribute Certificates in an LDAP directory. There is a brief description of the X.509 privilege management model, and how it can be used to implement RBAC. Policies that conform to the template are written in XML, and the template is specified as a DTD. (A future version will specify it as an XML schema.) The policy is designed to be used by the PERMIS API, a Java specification for an Access Control Decision Function based on the ISO 10181 Access Control Framework and the Open Group’s AZN API.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35586-3_46
Copyright information
© 2002 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Chadwick, D.W., Otenko, A. (2002). Rbac Policies in XML for X.509 Based Privilege Management. In: Ghonaimy, M.A., El-Hadidi, M.T., Aslan, H.K. (eds) Security in the Information Society. IFIP Advances in Information and Communication Technology, vol 86. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35586-3_3
DOI: https://doi.org/10.1007/978-0-387-35586-3_3
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-1026-7
Online ISBN: 978-0-387-35586-3
eBook Packages: Springer Book Archive