Offline Expansion of XACML Policies Based on P3P Metadata

  • Claudio Ardagna
  • Ernesto Damiani
  • Sabrina De Capitani di Vimercati
  • Cristiano Fugazza
  • Pierangela Samarati
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3579)


In the last few years XML-based access control languages like XACML have been increasingly used for specifying complex policies regulating access to network resources. Today, growing interest in semantic-Web style metadata for describing resources and users is stimulating research on how to express access control policies based on advanced descriptions rather than on single attributes.

In this paper, we discuss how standard XACML policies can handle ontology-based resource and subject descriptions based on the standard P3P base data schema. We show that XACML conditions can be transparently expanded according to ontology-based models representing semantics. Our expansion technique greatly reduces the need for online reasoning and decreases the system administrator’s effort for producing consistent rules when users’ descriptions comprise multiple credentials with redundant attributes.
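The offline expansion the abstract describes, as an added illustration of the idea rather than the paper's own algorithm or code: an administrator writes a single XACML condition on a P3P base data schema item, an ontology that records which credential attributes carry the same (redundant) item is consulted once, offline, and the condition is rewritten into a plain XACML 1.0 disjunction that the PDP can evaluate by attribute matching alone. The credential names and `urn:example` attribute ids are constructed for the example; the P3P data items and XACML function identifiers are the standard ones.

```python
"""Offline expansion of a XACML subject condition over a P3P data item.

Illustration only (not the paper's algorithm): one condition on a P3P item
is expanded, before deployment, into an or() over equivalent credential
attributes, so no ontology reasoning is needed at request time.
"""
from xml.etree import ElementTree as ET

XACML_FN = "urn:oasis:names:tc:xacml:1.0:function:"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"

# Constructed ontology fragment: P3P data item -> attribute ids of
# credentials that carry the same data. The credential names and the
# urn:example ids are invented for this example.
EQUIVALENTS = {
    "user.home-info.postal.country": [
        "urn:example:cred:id-card:residence-country",
        "urn:example:cred:driving-licence:country",
    ],
    "user.bdate.ymd.year": ["urn:example:cred:id-card:birth-year"],
}

def expand(p3p_item, value, ontology=EQUIVALENTS):
    """Expand string-equal(p3p_item, value) into (attribute_id, value) tests,
    one per equivalent attribute. The canonical P3P id is kept so requests
    that already use it still match."""
    return [(aid, value) for aid in [p3p_item] + ontology.get(p3p_item, [])]

def to_xacml(tests):
    """Render the tests as a XACML 1.0 <Condition>: or() over
    string-equal(string-one-and-only(<designator>), <literal>)."""
    cond = ET.Element("Condition", FunctionId=XACML_FN + "or")
    for aid, value in tests:
        eq = ET.SubElement(cond, "Apply", FunctionId=XACML_FN + "string-equal")
        one = ET.SubElement(eq, "Apply", FunctionId=XACML_FN + "string-one-and-only")
        ET.SubElement(one, "SubjectAttributeDesignator", AttributeId=aid, DataType=XS_STRING)
        ET.SubElement(eq, "AttributeValue", DataType=XS_STRING).text = value
    return ET.tostring(cond, encoding="unicode")

def evaluate(tests, request_attrs):
    """Request-time decision: a lookup over the request's attribute ids, with
    no ontology or reasoner involved because expansion already happened."""
    return any(request_attrs.get(aid) == value for aid, value in tests)

if __name__ == "__main__":
    tests = expand("user.home-info.postal.country", "IT")
    print(to_xacml(tests))
    # A subject presenting only a driving licence still satisfies the rule.
    print(evaluate(tests, {"urn:example:cred:driving-licence:country": "IT"}))
```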





Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Claudio Ardagna (1)
  • Ernesto Damiani (1)
  • Sabrina De Capitani di Vimercati (1)
  • Cristiano Fugazza (1)
  • Pierangela Samarati (1)

  1. Dipartimento di Tecnologie dell’Informazione, Università degli Studi di Milano, Crema, Italy
