Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/en/node/2198' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/en/node/2198' in /dati/webiit-old/includes/database.pgsql.inc on line 159 A proposal on enhancing XACML with continuous usage control features | IIT - CNR - Istituto di Informatica e Telematica
IIT Home Page CNR Home Page

A proposal on enhancing XACML with continuous usage control features

Usage control (UCON) proposed by R. Sandhu et al. [8, 9] is an attributebased authorization model and its main novelties are mutability of attributes and continuity of control.

OASIS eXtensible Access Control Markup Language (XACML) [10] is a widely-used language to write authorization policies to protect resources in a distributed computing environment (e.g. Grid). The XACML policy specifies beforeusage authorization process optionally complemented with obligation actions fulfillment. By now, XACML has insufficient facilities to express continuous usage control afterwards an access was granted and started.

In this paper, we introduce U-XACML, a new policy language, which enhances the original XACML with the UCON novelties. We extend a syntax and semantics of the XACML policy to define mutability of attributes and continuity of control. We introduce an architecture to enforce the U-XACML policy.


CoreGRID ERCIM Working Group Workshop on Grids, P2P and Service computing, in Conjunction With EuroPAR 2009, Delft, Netherlands , 2009

IIT authors:

Aliaksandr Lazouski

Foto di Aliaksandr Lazouski

Maurizio Colombo

Foto di Maurizio Colombo

Type: Article in proceedings of international peer-reviewed conference
Field of reference: Information Technology and Communication Systems