Most access control mechanisms focus on defining the rights of users precisely enough to prevent any violation of an organization's access control policy. In many cases, however, it is hard to predefine all access needs, or even to express them in machine-readable form. One example is an emergency, which may not be predictable and would be hard to express as a machine-readable condition. Discretionary overriding of access control is one way to handle such hard-to-define and unanticipated situations where availability is critical. The override mechanism gives the subject of the access control policy the possibility to override a denied decision, and if the subject confirms the override, the access is logged for special auditing. XACML, the eXtensible Access Control Markup Language, provides a standardized language for expressing access control policies. This paper introduces a discretionary overriding mechanism in XACML. We do so by means of XACML obligations and also define a general obligation combining mechanism.
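The override flow described in the abstract, sketched from the enforcement point's side as an added example (not code from the paper). The obligation identifier, the toy rules and all function names are hypothetical; the sketch assumes the override possibility is signalled by an obligation attached to a Deny decision.

```python
# Added sketch: PEP-side handling of a Deny that carries an override obligation.
# The obligation id and every name below are hypothetical, not taken from the paper.
from dataclasses import dataclass, field
from datetime import datetime, timezone

OVERRIDE_OBLIGATION = "urn:example:obligation:override-possible"  # hypothetical id

@dataclass
class Decision:
    effect: str                                   # "Permit" or "Deny"
    obligations: list = field(default_factory=list)

def pdp_evaluate(role, action, resource):
    """Toy PDP: constructed rules standing in for an XACML policy."""
    if role == "physician" and action == "read":
        return Decision("Permit")
    if role == "nurse" and action == "read":
        # Need is hard to predefine: deny, but offer a discretionary override.
        return Decision("Deny", [OVERRIDE_OBLIGATION])
    return Decision("Deny")                       # hard deny, no override offered

def pep_enforce(subject, role, action, resource, confirm, audit_log):
    """Return True if access is granted; `confirm` asks the subject to confirm."""
    decision = pdp_evaluate(role, action, resource)
    if decision.effect == "Permit":
        return True
    if OVERRIDE_OBLIGATION not in decision.obligations:
        return False                              # Deny without override stays denied
    if not confirm(subject, action, resource):
        return False                              # subject declined the override
    # Write the audit record before granting: if this raises, access is not given.
    audit_log.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "subject": subject, "role": role,
        "action": action, "resource": resource,
        "event": "override-confirmed",
    })
    return True

if __name__ == "__main__":
    log = []
    print(pep_enforce("bob", "nurse", "read", "record-17", lambda *a: True, log))
    print(log)
```

The audit record is appended before access is granted, so an override can never succeed without leaving the trail that the special auditing depends on.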