A Non-technical User-Oriented Display Notation for XACML Conditions
Ideally, access control to resources in complex IT systems ought to be handled by the business decision makers who own a given resource (e.g., the pay and benefits section of an organization should decide and manage the access rules to the payroll system). To make this happen, the security and database communities need to develop vendor-independent access management tools that are usable by decision makers, rather than by technical personnel detached from a given business function. We have developed and implemented such a tool, based on XACML. XACML is an important emerging tool for managing complex access control applications. As a formal notation, based on an XML schema representing the grammar of a given application, XACML is precise and unambiguous. But this very property puts it out of reach of non-technical users. We propose a new notation for displaying and editing XACML rules that is independent of XML, and we develop an editor for it. Our notation combines a tree representation of logical expressions with an accessible natural language layer. Our early experience indicates that such rules can be grasped by non-technical users wishing to develop and control rules for accessing their own resources.
Keywords: Access control, notation, rule editor, XACML