Towards a flexible framework to support a generalized extension of XACML for spatio‐temporal RBAC model with reasoning ability

Publisher: Emerald Publishing
Copyright: © 2014 Emerald Group Publishing Limited. All rights reserved.
ISSN: 1744-0084
DOI: 10.1108/IJWIS-12-2013-0037

Abstract

Purpose – The paper aims to propose a flexible framework to support the X‐STROWL model. Extensible access control markup language (XACML) is an international standard used for access control in distributed systems. However, XACML and its existing extensions are not sufficient to fulfill sophisticated security requirements (e.g. access control based on users' roles, context‐aware authorizations and the ability to reason). Remarkably, X‐STROWL, a generalized extension of XACML for the spatiotemporal role‐based access control (RBAC) model with reasoning ability, is a comprehensive model that overcomes these shortcomings. The paper mainly focuses on the architecture design as well as the implementation and evaluation of the proposed framework and its comparison with others.

Design/methodology/approach – Based on the concept of the X‐STROWL model, the paper reviewed a large number of open-source implementations of XACML against defined criteria and chose the most suitable framework to be extended for the implementation. The paper also presented a case study used to evaluate the research result.

Findings – Holistic enterprise‐ready application security framework – architecture framework (HERAS‐AF) is chosen as the most suitable framework to be extended to implement the X‐STROWL model. Extending HERAS‐AF to support the spatiotemporal aspect and other contextual conditions, as well as the way security is integrated in the access request, together with the ability to reason over hierarchical roles, are striking features that make the proposed framework able to meet more sophisticated security requirements in comparison with others.

Research limitations/implications – Due to the research content, the performance of the proposed framework is not the focus of this work.

Originality/value – The proposed framework is a crucial contribution of our research to provide a holistic, extensible and intelligent authorization decision engine.

Journal

International Journal of Web Information Systems, Emerald Publishing

Published: Jun 10, 2014

Keywords: Access control model; GIS database; HERAS‐AF; Security engineering; X‐STROWL; XACML; Spatiotemporal data
