Using Microsoft Office InfoPath to Generate XACML Policies

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 9)

Abstract

Today, when organizations perform access control over their resources, they are interested not only in the user’s identity but also in other data, such as the user’s attributes or contextual information. These requirements arise, for example, in a network access control scenario where end users pay for a specific access level and, depending on it, receive a different network quality of service. The network provider has to check not only the user’s identity but also the user’s attributes to make sure that the user can access the specified resource. These systems rely on policy languages to define the authorization process. However, due to the increasing complexity of current systems, policies are becoming more and more complex for system administrators to manage. Therefore, in this paper we present a user-friendly approach to policy specification, based on high-level templates and common desktop applications. These templates are easily built from XML schemas, and once they have been filled in, an XACML policy is automatically generated using an XML transformation.

Editor information

Joaquim Filipe, Mohammad S. Obaidat

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sanchez, M., Lopez, G., Gomez-Skarmeta, A.F., Canovas, O. (2008). Using Microsoft Office InfoPath to Generate XACML Policies. In: Filipe, J., Obaidat, M.S. (eds) E-Business and Telecommunication Networks. ICETE 2006. Communications in Computer and Information Science, vol 9. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70760-8_11

  • DOI: https://doi.org/10.1007/978-3-540-70760-8_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-70759-2

  • Online ISBN: 978-3-540-70760-8

  • eBook Packages: Computer Science, Computer Science (R0)
