X-RBAC: An Access Control Language for Multi-domain Environments


James Joshi, Rafae Bhatti, Elisa Bertino, Arif Ghafoor

CERIAS TR 2004-46

A multi-domain application environment consists of multiple distributed organizations, each employing its own security policy, and allows highly intensive inter-domain accesses. Ensuring security in such an environment poses several challenges. XML technologies are perceived as the most promising approach for developing pragmatic security solutions for such environments because of the integration and interoperation framework they provide. In this paper, we highlight these challenges and propose an XML-based access control specification language called X-RBAC that addresses the policy specification needs of a multi-domain environment. Our specification language is based on an extension of the widely accepted NIST RBAC model. X-RBAC allows specification of RBAC policies and facilitates specification of timing constraints on roles as well as context- and content-based access requirements. Furthermore, it provides a framework for specifying mediation policies in a multi-domain environment where RBAC policies have been employed.



access control


Purdue University


University of Pittsburgh and Purdue University

XML, RBAC, Access Control Policy, Multi-domain

