Enterprise access policy enforcement for applications through hybrid models and XSLT technologies

  • Authors:
  • Ramaswamy Chandramouli

  • Affiliations:
  • ITL, NIST, Gaithersburg, MD

  • Venue:
  • ICEC '04 Proceedings of the 6th international conference on Electronic commerce
  • Year:
  • 2004

Abstract

E-government systems like web portals provide various services to citizens. Information handled in these e-government systems is subject to multiple laws encompassing privacy, non-disclosure (confidentiality) and integrity policies. Hence the protection means for regulating access to this information should be policy driven. Policy-based access control is one such protection approach and has been incorporated into Enterprise Security Management (ESM) solutions. However, the existing ESM solutions have limitations in their entitlements (authorizations or permissions) specification, policy specification and policy verification capabilities. Further, there is a lack of transparency with respect to the process of mapping enterprise-level authorizations to individual application-level (target system-level) entitlements. To address these deficiencies, we developed E-PBAC, a framework and an associated set of tools as an ESM solution. E-PBAC uses XML to encode entitlement specifications based on a hybrid access control model that combines the Role-based Access Control Model (RBAC) and the Domain Type Enforcement Model (DTE). It uses XSLT to encode policy rules and uses an XSLT processor to perform policy verification as well as to map entitlements to various target systems.