Role-Based Access Control Models
Computer
Managing security policies in a distributed environment using eXtensible markup language (XML)
Proceedings of the 2001 ACM symposium on Applied computing
Implementing RBAC on a type enforced system
ACSAC '97 Proceedings of the 13th Annual Computer Security Applications Conference
A Framework for Multiple Authorization Types in a Healthcare Application System
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Experiences and issues in the realization of e-government services
RIDE '02 Proceedings of the 12th International Workshop on Research Issues in Data Engineering: Engineering E-Commerce/E-Business Systems (RIDE'02)
IBM Journal of Research and Development
Compiler support for effective XSL transformation
Concurrency and Computation: Practice & Experience
Hi-index | 0.00 |
E-government systems like web portals provide various services to citizens. Information handled in these e-government systems are subject to multiple laws encompassing privacy, non-disclosure (confidentiality) and integrity policies. Hence the protection means for regulating access to this information should be policy driven. Policy-based access control is one such protection approach and has been incorporated into Enterprise Security Management (ESM) solutions. However, the existing ESM solutions have their limitations in entitlements (authorizations or permissions) specification, policy specification and policy verification capabilities. Further there is lack of transparency with respect to the process of mapping enterprise-level authorizations to individual application-level (target system-level) entitlements. To address these deficiencies, we developed E-PBAC, a framework and an associated set of tools as an ESM solution. E-PBAC uses XML to encode entitlement specifications based on a hybrid access control model that combines the Role-based Access Control Model (RBAC) and Domain Type Enforcement Model (DTE). It uses XSLT to encode policy rules and uses XSLT processor to perform policy verification as well as to map entitlements to various target systems.