DOI: 10.1145/1052220.1052282

Enterprise access policy enforcement for applications through hybrid models and XSLT technologies

Published: 25 March 2004

Abstract

E-government systems such as web portals provide various services to citizens. Information handled in these e-government systems is subject to multiple laws encompassing privacy, non-disclosure (confidentiality) and integrity policies. Hence the protection means for regulating access to this information should be policy driven. Policy-based access control is one such protection approach and has been incorporated into Enterprise Security Management (ESM) solutions. However, the existing ESM solutions are limited in their entitlement (authorization or permission) specification, policy specification and policy verification capabilities. Further, there is a lack of transparency in the process of mapping enterprise-level authorizations to individual application-level (target system-level) entitlements. To address these deficiencies, we developed E-PBAC, a framework and an associated set of tools, as an ESM solution. E-PBAC uses XML to encode entitlement specifications based on a hybrid access control model that combines the Role-based Access Control Model (RBAC) and the Domain Type Enforcement Model (DTE). It uses XSLT to encode policy rules and uses an XSLT processor to perform policy verification as well as to map entitlements to various target systems.

Cited By

  • (2011) Compiler support for effective XSL transformation. Concurrency and Computation: Practice and Experience, 24:14 (1572-1593). DOI: 10.1002/cpe.1901. Online publication date: 13-Dec-2011
  • (2009) Modeling and reconfiguration of critical business processes for the purpose of a Business Continuity Management respecting security, risk and compliance requirements at Credit Suisse using algebraic graph transformation. 2009 13th Enterprise Distributed Object Computing Conference Workshops (64-71). DOI: 10.1109/EDOCW.2009.5332015. Online publication date: Sep-2009

Published In

ICEC '04: Proceedings of the 6th international conference on Electronic commerce
March 2004
684 pages
ISBN:1581139306
DOI:10.1145/1052220

Sponsors

  • ICEC: International Center for Electronic Commerce

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. XML schema
  2. XSLT
  3. domain type enforcement (DTE)
  4. policy rules
  5. provisioning
  6. role-based access control (RBAC)

Qualifiers

  • Article

Acceptance Rates

Overall Acceptance Rate 150 of 244 submissions, 61%
