The OPL Access Control Policy Language

  • Authors: Christopher Alm; Ruben Wolf; Joachim Posegga
  • Affiliations: Steria Mummert Consulting AG, Germany; Fraunhofer SIT, Darmstadt, Germany; Institute of IT Security and Security Law, Passau, Germany
  • Venue: TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
  • Year: 2009

Abstract

Existing policy languages suffer from a limited ability to express high-level access control principles directly and elegantly, such as history-based separation of duty [22], binding of duty [26], context constraints [24], Chinese wall properties [10], and obligations [20]. It is often difficult to extend a language in order to retrofit these features once required, or it is necessary to use complicated and complex language constructs to express such concepts. The latter, however, is cumbersome and error-prone for humans dealing with policy administration. We present the flexible policy language OPL, which can represent a wide range of access control principles in XML directly by providing dedicated language constructs for each supported principle. It can be easily extended with further principles if necessary. OPL is based on a module concept, and it can easily cope with the language complexity that usually comes with growing expressiveness. OPL is suitable for use in an enterprise environment, since it combines the required expressiveness with the simplicity necessary for appropriate administration.