Context dependent revocation in delegated XACML

Seitz, Ludwig and Rissanen, Eric (2008) Context dependent revocation in delegated XACML. [SICS Report]



The XACML standard defines an XML-based language for defining access control policies and a related processing model. Recent work aims to add delegation to XACML in order to express the right to administer XACML policies within XACML itself. The delegation profile draft explains how to validate the right to issue a policy, but there are no provisions for removing a policy. This paper proposes a revocation model for delegated XACML. A novel feature of this model is that whether a revocation is valid depends not only on who issued the revocation, but also on the context in which an attempt is made to use the revoked policy.

Item Type: SICS Report
ID Code: 3521
Deposited By: Vicki Carleson
Deposited On: 13 Jan 2009
Last Modified: 18 Nov 2009 16:23
