XACML does not natively support RBAC, and even the specialized XACML profiles cannot support many relevant constraints, such as static and dynamic separation of duty. Supporting such constraints, however, requires extensions not only to the XACML language but also to the XACML reference architecture and engine. In this paper we introduce XACML+OWL, a framework that integrates OWL ontologies and XACML policies to support RBAC. The basic idea is to decouple the design of an RBAC system by modeling the role hierarchy and the constraints with an OWL ontology and the authorization policies with XACML. To do this, we introduce new functions that extend policies with semantic reasoning services based on the OWL ontology. As part of this extension, we extend the XACML reference architecture and the XACML data flow for access control decisions with the invocation of these functions.
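The decoupling described in the abstract, sketched as an added example that is not code from the paper or from any XACML engine: a plain-Python `RoleModel` stands in for the OWL ontology (role hierarchy plus separation-of-duty constraints), and `decide` stands in for an XACML rule that delegates hierarchy and constraint questions to it. All class, function and role names are hypothetical, and the sample data is constructed.

```python
# Added illustration: every name here is hypothetical, not from XACML+OWL.
from dataclasses import dataclass


@dataclass
class RoleModel:
    """Plain-Python stand-in for the ontology: hierarchy plus SoD constraints."""
    juniors: dict  # role -> set of roles it directly inherits
    ssod: list     # role pairs one user may never both be assigned
    dsod: list     # role pairs one session may never have active together

    def closure(self, roles):
        """Every role implied by `roles` through inheritance."""
        seen, stack = set(), list(roles)
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors.get(role, ()))
        return seen

    def _violates(self, pairs, roles):
        held = self.closure(roles)
        return any(a in held and b in held for a, b in pairs)

    def can_assign(self, assigned, new_role):
        """Static SoD, checked over inherited roles as well."""
        return not self._violates(self.ssod, set(assigned) | {new_role})

    def can_activate(self, active, new_role):
        """Dynamic SoD for one session, checked over inherited roles."""
        return not self._violates(self.dsod, set(active) | {new_role})


def decide(model, assigned, active, activating, required_role):
    """Policy side: the rule names only `required_role`; hierarchy and
    constraint questions are delegated to the role model."""
    if activating not in model.closure(assigned):
        return "Deny"  # user does not hold the role being activated
    if not model.can_activate(active, activating):
        return "Deny"  # dynamic separation of duty
    if required_role not in model.closure(set(active) | {activating}):
        return "Deny"  # active roles do not imply the required one
    return "Permit"


# Constructed sample data.
BANK = RoleModel(
    juniors={"head_teller": {"teller"}},
    ssod=[("teller", "auditor")],
    dsod=[("teller", "account_holder")],
)
```

Because both checks run over the inheritance closure, a senior role conflicts with whatever its junior roles conflict with, which is the case a flat role-pair comparison misses.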