Offline expansion of XACML policies based on P3P metadata

Claudio Ardagna, Ernesto Damiani, Sabrina De Capitani Di Vimercati, Cristiano Fugazza, Pierangela Samarati

Research output: Contribution to journalConference articlepeer-review

10 Scopus citations

Abstract

In the last few years XML-based access control languages like XACML have been increasingly used for specifying complex policies regulating access to network resources. Today, growing interest in semantic-Web style metadata for describing resources and users is stimulating research on how to express access control policies based on advanced descriptions rather than on single attributes. In this paper, we discuss how standard XACML policies can handle ontology-based resource and subject descriptions based on the standard P3P base data schema. We show that XACML conditions can be transparently expanded according to ontology-based models representing semantics. Our expansion technique greatly reduces the need for online reasoning and decreases the system administrator's effort for producing consistent rules when users' descriptions comprise multiple credentials with redundant attributes.

Original languageBritish English
Pages (from-to)363-374
Number of pages12
JournalLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3579
DOIs
StatePublished - 2005
Event5th International Conference on Web Engineering, ICWE 2005 - Sydney, Australia
Duration: 27 Jul 200529 Jul 2005

Fingerprint

Dive into the research topics of 'Offline expansion of XACML policies based on P3P metadata'. Together they form a unique fingerprint.

Cite this