Extending XACML to support Credential Based Hybrid Access Control
Various research efforts are in progress to enforce credential based access control using XACML standard. The current standard of XACML supports attribute based access control [4,5,9,19]. While XACML accepts certified attributes through digital certificates, it does not support credential based access control in which the access conditions are defined not only in terms of credential attributes but also in terms of types of credentials. Credential based hybrid access control[7,11,14,20,21] has been proposed for systems having diversified access control requirements. The use of various types of credentials in access control policy specification provides easy and immediate access to unknown user in open access environment. Fine grained access control in closed administrative domain is achieved using Identity Credential and the attributes associated with the credentials. In this paper, we propose extensions to the XACML standard that support credential-based hybrid access control. The XACML access policy language has been extended to define access policy in terms of heterogeneous credentials. Each credential is uniquely identified by associating a category and type with it. The access policy contains various conditions over credentials and the attributes associated with the credentials. Enhancement to XACML framework has also been proposed so that credential based hybrid access policies can be evaluated and enforced.
Keywords: XACML, credential, access control
Download Full-Text
ABOUT THE AUTHORS
Nirmal Dagdee
Dr. Nirmal Dagdee has earned his BE, ME and PhD degrees in Computer Engineering. His major research interests are in the fields of Service oriented computing, Data security and Soft Computing. He has authored several research papers that are published in reputed journals and conference proceedings. Presently, he is Director of S. D. Bansal College of Technology, Indore, India. He is a member of IEEE and ACM.
Ruchi Vijaywargiya
Ruchi Vijaywargiya, a faculty of computer science in S.D. Bansal College of Technology, Indore, India has around 20 years of experience in academics and software industry. She has done BE and ME in Computer Engineering and is pursuing PhD under the supervision of Dr. Dagdee in the field of data security and access control. Her areas of interest are data security, computer networks and object oriented technology. She is a member of IEEE.
Nirmal Dagdee
Dr. Nirmal Dagdee has earned his BE, ME and PhD degrees in Computer Engineering. His major research interests are in the fields of Service oriented computing, Data security and Soft Computing. He has authored several research papers that are published in reputed journals and conference proceedings. Presently, he is Director of S. D. Bansal College of Technology, Indore, India. He is a member of IEEE and ACM.
Ruchi Vijaywargiya
Ruchi Vijaywargiya, a faculty of computer science in S.D. Bansal College of Technology, Indore, India has around 20 years of experience in academics and software industry. She has done BE and ME in Computer Engineering and is pursuing PhD under the supervision of Dr. Dagdee in the field of data security and access control. Her areas of interest are data security, computer networks and object oriented technology. She is a member of IEEE.
