© University of Kent - Contact | Feedback | Legal | FOI | Cookies
Adding support to XACML for multi-domain user to user dynamic delegation of authority
David W Chadwick, Sassa Otenko, and Tuan Anh Nguyen
International Journal of Information Security, 8(2):182-196, April 2009 [doi].Abstract
Abstract. We describe adding support for dynamic delegation of authority between users in multiple administrative domains, to the XACML model for authorisation decision making. Delegation of authority is enacted via the issuing of credentials from one user to another, and follows the role based access control model. We present the problems and requirements that such a delegation model demands, the policy elements that are necessary to control the delegation chains and a description of the architected solution. We propose a new conceptual entity called the Credential Validation Service (CVS) to work alongside the XACML PDP. We describe our implementation of the CVS and present performance measurements for validating delegated chains of credentials.
Download publication 474 kbytes (PDF)Bibtex Record
@article{3024,
author = {David W Chadwick and Sassa Otenko and Tuan Anh Nguyen},
title = {Adding Support to {XACML} for Multi-Domain User to User Dynamic Delegation of Authority },
month = {April},
year = {2009},
pages = {182-196},
keywords = {determinacy analysis, Craig interpolants},
note = {},
doi = {10.1007/s10207-008-0073-y },
url = {http://www.cs.kent.ac.uk/pubs/2009/3024},
publication_type = {article},
submission_id = {24038_1280421449},
journal = {International Journal of Information Security},
volume = {8},
number = {2},
}