An algebra for composing access control policies
ACM Transactions on Information and System Security (TISSEC)
A propositional policy algebra for access control
ACM Transactions on Information and System Security (TISSEC)
An access control framework for business processes for web services
Proceedings of the 2003 ACM workshop on XML security
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
XACML policy integration algorithms: not to be confused with XACML policy combination algorithms!
Proceedings of the eleventh ACM symposium on Access control models and technologies
Policy Analysis for Administrative Role Based Access Control
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Defeasible security policy composition for web services
Proceedings of the fourth ACM workshop on Formal methods in security
An approach to evaluate policy similarity
Proceedings of the 12th ACM symposium on Access control models and technologies
Secure Collaboration in a Mediator-Free Distributed Environment
IEEE Transactions on Parallel and Distributed Systems
D-algebra for composing access control policy decisions
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Hi-index | 0.00 |
In dynamic collaboration, participants oftentimes need to share resources with each other under the same criteria. However, since each participant has its own authorization policies as a way of controlling resource access, their discrepancies make such collaboration difficult. It is desired to develop a practical and automatic way to generate the collaborative policies for coequal authorizations. In this paper, we investigate this problem by proposing an authorization framework based on the widely adopted XACML policy. Each practical XACML policy is converted into Boolean expressions and further refined as a set of atomic rules against the policy structure. With the rule set, the combination algorithms in policies and the collaboration preference of participants, the collaborative authorization policy is automatically generated. We analyze the consistency of the collaborative policies with previous authorization policies. Some experiments are performed to exam our approach and show that it can efficiently solve the problem of coequal authorizations.