Encyclopedia of Database Systems

Living Edition
| Editors: Ling Liu, M. Tamer Özsu

Access Control Policy Languages

  • Athena VakaliEmail author
Living reference work entry
DOI: https://doi.org/10.1007/978-1-4899-7993-3_5-2



An access control policy language is a particular set of grammar, syntax rules (logical and mathematical), and operators which provides an abstraction-layer for access control policy specifications. Such languages combine individual rules into a single policy set, which is the basis for (user/subject) authorization decisions on accessing content (object) stored in various information resources. The operators of an access control policy language are used on attributes of the subject, resource (object), and their underlying application framework to facilitate identifying the policy that (most appropriately) applies to a given action.

Historical Background

The evolution of access control policy languages is inline with the evolving large-scale highly distributed information systems and the Internet, which turned the tasks of authorizing and controlling of accessing on a global enterprise (or on Internet) framework increasingly challenging...


Access Control Policy Language Access Control Policy Access Control Model Digital Right Management 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in to check access.

Recommended Reading

  1. 1.
    Stoupa K, Vakali A. Policies for web security services, chapter III. In: Ferrari E, Thuraisingham B, editors. Web and information security. Hershey: Idea-Group Publishing; 2006.Google Scholar
  2. 2.
    Vuong NN, Smith GS, Deng Y. Managing security policies in a distributed environment using eXtensible markup language (XML). In: Proceedings of 16th ACM Symposium on Applied Computing; 2001. p. 405–11.Google Scholar
  3. 3.
    Alm C, Wolf R, Posegga J. The OPL access control policy language. In: Fischer-H¨ubner S, et al., editors. TrustBus 2009, LNCS 5695. Berlin/Heidelberg: Springer; 2009. p. 138–48.Google Scholar
  4. 4.
    Bertino E, Castano S, Ferrari E. On specifying security policies for web documents with an XML-based language. In: Proceedings of 6th ACM Symposium on Access Control Models and Technologies; 2001. p. 57–65.Google Scholar
  5. 5.
    Bertino E, Castano S, Ferrari E. Securing XML documents with author-X. IEEE Internet Computing. May–June 2001. p. 21–31.Google Scholar
  6. 6.
    Damiani E, De Capitani di Vimercati S, Paraboschi S, Samarati P. Design and implementation of an access control processor forXML documents. In: Proceedings of 9th International World Wide Web Conference; 2000. p. 59–75.Google Scholar
  7. 7.
    He H, Wong RK. A role-based access control model for XML repositories. In: Proceedings of 1st International Conference on Web Information Systems Engineering; 2000. p. 138–45.Google Scholar
  8. 8.
    Stoupa K. Access control techniques in distributed systems and the Internet. Ph.D. Thesis, Aristotle University, Department of Informatics; 2007.Google Scholar
  9. 9.
    Fong PWL. Relationship-based access control: protection model and policy language. In: Proceedings of the First ACM Conference on Data and Application Security and Privacy (CODASPY ‘11). New York: ACM; 2011. p. 191–202.Google Scholar
  10. 10.
    Rachapalli J, Khadilkar V, Kantarcioglu M, Thuraisingham B. Redaction based RDF access control language. In: Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT ‘14). New York: ACM; 2014. p. 177–80.Google Scholar
  11. 11.
    Qi N, Kud M. Access control policy languages in XML, applications and trends. Springer Science+Business Media, LLC; 2008. p. 55–71.Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  1. 1.Aristotle UniversityThessalonikiGreece

Section editors and affiliations

  • Elena Ferrari
    • 1
  1. 1.DiSTAUniv. of InsubriaVareseItaly