The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

An Algebra for Fine-Grained Integration of XACML Policies


Download PDF Document


Prathima Rao, Dan Lin, Elisa Bertino, Ninghui Li, Jorge Lobo

Tech report number

CERIAS TR 2008-21

Entry type



Collaborative and distributed applications, such as dynamic coalitions and virtualized grid computing, often require integrating access control policies of collaborating parties. Such an integration must be able to support complex authorization specifications and the fine-grained integration requirements that the various parties may have. In this paper, we introduce an algebra for fine-grained integration of sophisticated policies. The algebra is able to support the specification of a large variety of integration constraints. To assess the expressive power of our algebra, we prove its completeness and minimality. We then propose a framework that uses the algebra for the fine-grained integration of policies expressed in XACML. We also present a methodology for generating the actual integrated XACML policy, based on the notion of Multi-Terminal Binary Decision Diagrams.



Key alpha

access control


Purdue University, IBM T.J. Waston

Publication Date




BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.