Purpose – The paper aims to propose a flexible framework to support X‐STROWL model. Extensible access control markup language (XACML) is an international standard used for access control in distributed systems. However, XACML and its existing extensions are not sufficient to fulfill sophisticated security requirements (e.g. access control based on user’s roles, context‐aware authorizations and the ability of reasoning). Remarkably, X‐STROWL, a generalized extension of XACML for spatiotemporal role‐based access control (RBAC) model with reasoning ability, is a comprehensive model that overcomes these shortcomings. It mainly focuses on the architecture design as well as the implementation and evaluation of proposed framework and the comparison with others. Design/methodology/approach – Based on the concept of X‐STROWL model, the paper reviewed a large amount of open sources implementing XACML with defined criteria and chose the most suitable framework to be extended for the implementation. The paper also presented a case study used to evaluate the research result. Findings – Holistic enterprise‐ready application security framework – architecture framework (HERAS‐AF) is chosen as the most suitable framework to be extended to implement X‐STROWL model. Extending HERAS‐AF to support spatiotemporal aspect and other contextual conditions as well as the way to integrate security in the access request, together with ability of reasoning for hierarchical roles, are striking features that make the proposed framework able to meet more sophisticated security requirements in comparison with others. Research limitations/implications – Due to the research content, the performance of proposed framework is not the focused issue of this work. Originality/value – The proposed framework is a crucial contribution of our research to provide a holistic, extensible and intelligent authorization decision engine.
International Journal of Web Information Systems – Emerald Publishing
Published: Jun 10, 2014
Keywords: Access control model; GIS database; HERAS‐AF; Security engineering; X‐STROWL; XACML; Spatiotemporal data