A Non-technical User-Oriented Display Notation for XACML Conditions

  • Bernard Stepien
  • Amy Felty
  • Stan Matwin
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 26)


Ideally, access control to resources in complex IT systems ought to be handled by the business decision makers who own a given resource (e.g., the pay and benefits section of an organization should decide and manage the access rules to the payroll system). To make this happen, the security and database communities need to develop vendor-independent access management tools that are usable by decision makers rather than by technical personnel detached from a given business function. We have developed and implemented such a tool, based on XACML. XACML is an important emerging standard for managing complex access control applications. As a formal notation, based on an XML schema representing the grammar of a given application, XACML is precise and unambiguous. But this very property puts it out of reach of non-technical users. We propose a new notation for displaying and editing XACML rules that is independent of XML, and we develop an editor for it. Our notation combines a tree representation of logical expressions with an accessible natural language layer. Our early experience indicates that such rules can be grasped by non-technical users wishing to develop and control rules for accessing their own resources.


Keywords: access control, notation, rule editor, XACML





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Bernard Stepien (1)
  • Amy Felty (1)
  • Stan Matwin (1)

  1. School of Information Technology and Engineering, University of Ottawa, Canada, and Devera Logic, Inc., Ottawa, Canada
