X- RBAC : An Access Control Language for Multi-domain Environments


Download PDF Document


James Joshi, Rafae Bhatti, Elisa Bertino, Arif Ghafoor

Tech report number

CERIAS TR 2004-46

Entry type



A multi-domain application environment consists of distributed multiple organizations, each employing its own security policy, allowing highly intensive inter-domain accesses. Ensuring security in such an environment poses several challenges. XML technologies are being perceived as the most promising approach for developing pragmatic security solutions for such environments because of the integration and interoperation framework they provide. In this paper, we highlight these challenges and propose an XML-based access control specification language called X-RBAC that addresses policy specification needs of a multi-domain environment. Our specification language is based on an extension of the widely accepted NIST RBAC model. X-RBAC allows specification of RBAC policies and facilitates specification of timing constraints on roles as well as context and content-based access requirements. Furthermore, it provides a framework for specifying mediation policies in a multi-domain environment where RBAC policies have been employed.



Key alpha

access control


Purdue University


University of Pittsburgh and Purdue University

Publication Date



XML, RBAC, Access Control Policy, Multi-domain

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.