Abstract
In this paper we describe how we have added support for dynamic delegation of authority that is enacted via the issuing of credentials from one user to another, to the XACML model for authorisation decision making. Initially we present the problems and requirements that such a model demands, considering that multiple domains will typically be involved. We then describe our architected solution based on the XACML conceptual and data flow models. We also present at a conceptual level the policy elements that are necessary to support this model of dynamic delegation of authority. Given that these policy elements are significantly different to those of the existing XACML policy, we propose a new conceptual entity called the Credential Validation Service (CVS), to work alongside the XACML PDP in the authorisation decision making. Finally we present an overview of our first specification of such a policy and its implementation in the corresponding CVS. © IFIP International Federation for Information Processing 2006.
Author supplied keywords
Cite
CITATION STYLE
Chadwick, D. W., Otenko, S., & Nguyen, T. A. (2006). Adding support to XACML for dynamic delegation of authority in multiple domains. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4237 LNCS, pp. 67–86). Springer Verlag. https://doi.org/10.1007/11909033_7
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
