© University of Kent - Contact | Feedback | Legal
The University of Kent, Canterbury, Kent, CT2 7NZ, T +44 (0)1227 764000
Adding Support to XACML for Dynamic Delegation of Authority in Multiple Domains
David W Chadwick, Sassa Otenko, and Tuan Anh Nguyen
In Proc of 10th IFIP TC-6 TC-11 Int Conf, CMS 2006, pages 67-86, Heraklion, Crete, Greece, October 2006. Springer LNCS Volume 4237/2006.Abstract
In this paper we describe how we have added support for dynamic delegation of authority that is enacted via the issuing of credentials from one user to another, to the XACML model for authorisation decision making. Initially we present the problems and requirements that such a model demands, considering that multiple domains will typically be involved. We then describe our architected solution based on the XACML conceptual and data flow models. We also present at a conceptual level the policy elements that are necessary to support this model of dynamic delegation of authority. Given that these policy elements are significantly different to those of the existing XACML policy, we propose a new conceptual entity called the Credential Validation Service (CVS), to work alongside the XACML PDP in the authorisation decision making. Finally we present an overview of our first specification of such a policy and its implementation in the corresponding CVS.
Download publication 414 kbytes (PDF)Bibtex Record
@inproceedings{2533,
author = {David W Chadwick and Sassa Otenko and Tuan Anh Nguyen},
title = {{A}dding {S}upport to {XACML} for {D}ynamic {D}elegation of {A}uthority in {M}ultiple {D}omains},
month = {October},
year = {2006},
pages = {67-86},
keywords = {delegation, multiple domains, authority},
note = {},
doi = {},
url = {http://www.cs.kent.ac.uk/pubs/2006/2533},
publication_type = {inproceedings},
submission_id = {5038_1179407232},
booktitle = {Proc of 10th IFIP TC-6 TC-11 Int Conf, CMS 2006},
address = {Heraklion, Crete, Greece},
publisher = {Springer LNCS Volume 4237/2006},
}