Managing the lifecycle of XACML delegation policies in federated environments

  • Manuel Sánchez
  • Óscar Cánovas
  • Gabriel López
  • Antonio F. Gómez-Skarmeta
Part of the IFIP – The International Federation for Information Processing book series (IFIPAICT, volume 278)


This paper presents an infrastructure that enables the effective use of administrative delegation, reducing the complexity of policy management in some specific scenarios. This infrastructure manages the policies of the system throughout their lifecycle, for example when they are created by the users or when they are collected to make an authorization decision. The proposal uses a robust and extensible language, XACML, to express the authorization policies. However, as we will see, the management infrastructure has been designed to facilitate the task of the different users involved, on the assumption that those users do not have to be security experts or XACML-aware.



Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Manuel Sánchez (1)
  • Óscar Cánovas (2)
  • Gabriel López (1)
  • Antonio F. Gómez-Skarmeta (1)

  1. Department of Information and Communications Engineering, University of Murcia, Spain
  2. Department of Computer Engineering, University of Murcia, Spain
