The well-founded semantics for general logic programs
Journal of the ACM (JACM)
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
A modular approach to composing access control policies
Proceedings of the 7th ACM conference on Computer and communications security
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
A simple and expressive semantic framework for policy composition in access control
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Coordinating access control in grid services
Concurrency and Computation: Practice & Experience - Middleware for Grid Computing: Future Trends (MGC2006)
Enforcing "sticky" security policies throughout a distributed application
Proceedings of the 2008 workshop on Middleware security
Identities in the Future Internet of Things
Wireless Personal Communications: An International Journal
A SWIFT Take on Identity Management
Computer
Adding support to XACML for dynamic delegation of authority in multiple domains
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Hi-index | 0.00 |
SaaS technology might comprise of a bundle of different services provided by different entities. Thus monolithic access policies are not feasible as each of the service partners and the companies using the service would have to provide their internal and potentially confidential rules on which they base their policies. In addition internal information such as concrete position of the user or affiliation to a specific project might be utilized in the policies and should not be provided to any external entity. Deduction of decisions has been investigated for more than a decade, but no widely spread standard has been defined, so far. OASIS XACML is being used in many applications and services nowadays. Additionally, tools for modeling the policies are available and many engineers share common understanding of this approach. In this paper we present an extension of the XACML language to support deduction of decisions, together with a distributed definition of the policies and at the same time avoiding problems known from current solutions on deductive policy languages.