![]() Offline expansion of xacml policies based on p3p metadata. Claudio Ardagna, Ernesto Damiani, Sabrina De Capitani di Vimercati, Cristiano Fugazza, and Pierangela Samarati.Finally, we provide an initial evaluation of the expressiveness and performance of XACML4G with regard to XACML. ![]() We show the significance of our approach by means of a demonstration prototype in the university domain. To enforce XACML4G policies, we relied on the extensibility points of the XACML architecture and added proprietary extensions. Our approach, XACML for Graph-structured data (XACML4G), defines an extended XACML grammar for the authorization policy and access request. ![]() Therefore, we extend the well-established declarative policy definition language eXtensible Access Control Markup Language (XACML) and its architecture to describe path patterns and enforce the policies using the standard functional components of XACML. We present a solution for authorization policy specification and enforcement in a graph database to apply fine-grained path-specific constraints on graph-structured data. The rapidly increasing use of graph databases for a wide variety of applications demands flexible authorization and fine-grained access control at the level of attributes associated with the basic entities (i.e., accessing subject, requested resource, performed action, and environmental conditions) but also the vertices and edges along a particular access path.
0 Comments
Leave a Reply. |