A logic-based calculus of events
New Generation Computing
The Object-Z specification language
The Object-Z specification language
Conflicts in Policy-Based Distributed Systems Management
IEEE Transactions on Software Engineering
TRBAC: a temporal role-based access control model
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Role-Based Access Control
First experiences using XACML for access control in distributed systems
Proceedings of the 2003 ACM workshop on XML security
An integrated approach to engineer and enforce context constraints in RBAC environments
ACM Transactions on Information and System Security (TISSEC)
ACM Transactions on Information and System Security (TISSEC)
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
Patterns and Pattern Diagrams for Access Control
TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
Hi-index | 0.00 |
Existing policy languages suffer from a limited ability of directly and elegantly expressing high-level access control principles such as history-based separation of duty [22], binding of duty [26], context constraints [24], Chinese wall properties [10], and obligations [20]. It is often difficult to extend a language in order to retrofit these features once required or it is necessary to use complicated and complex language constructs to express such concepts. The latter, however, is cumbersome and error-prone for humans dealing with policy administration. We present the flexible policy language OPL that can represent a wide range of access control principles in XML directly, by providing dedicated language constructs for each supported principle. It can be easily extended with further principles if necessary. OPL is based on a module concept, and it can easily cope with the language complexity that usually comes with a growing expressiveness. OPL is suitable to be used in an enterprise environment, since it combines the required expressiveness with the simplicity necessary for an appropriate administration.