Overriding of Access Control in XACML

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Ja'far Alqatawna Articles by Erik Rissanen Articles by Babak Sadighi

Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)

Bologna, Italy

June 13-June 15

ISBN: 0-7695-2767-1

	ASCII Text	x
	Ja'far Alqatawna, Erik Rissanen, Babak Sadighi, "Overriding of Access Control in XACML," Policies for Distributed Systems and Networks, IEEE International Workshop on, pp. 87-95, Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07), 2007.

	BibTex	x
	@article{ 10.1109/POLICY.2007.31, author = {Ja'far Alqatawna and Erik Rissanen and Babak Sadighi}, title = {Overriding of Access Control in XACML}, journal ={Policies for Distributed Systems and Networks, IEEE International Workshop on}, volume = {0}, year = {2007}, isbn = {0-7695-2767-1}, pages = {87-95}, doi = {http://doi.ieeecomputersociety.org/10.1109/POLICY.2007.31}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Policies for Distributed Systems and Networks, IEEE International Workshop on TI - Overriding of Access Control in XACML SN - 0-7695-2767-1 SP87 EP95 A1 - Ja'far Alqatawna, A1 - Erik Rissanen, A1 - Babak Sadighi, PY - 2007 KW - null VL - 0 JA - Policies for Distributed Systems and Networks, IEEE International Workshop on ER -

Ja'far Alqatawna, Swedish Institute of Computer Science, Sweden

Erik Rissanen, Swedish Institute of Computer Science, Sweden

Babak Sadighi, Swedish Institute of Computer Science, Sweden

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/POLICY.2007.31

Most access control mechanisms focus on how to define the rights of users in a precise way to prevent any violation of the access control policy of an organization. However, in many cases it is hard to predefine all access needs, or even to express them in machine readable form. One example of such a situation is an emergency case which may not be predictable and would be hard to express as a machine readable condition. Discretionary overriding of access control is one way for handling such hard to define and unanticipated situations where availability is critical. The override mechanism gives the subject of the access control policy the possibility to override a denied decision, and if the subject should confirm the override, the access will be logged for special auditing. XACML, the eXtensible Access Control Markup Language, provides a standardized access control policy language for expressing access control policies. This paper introduces a discretionary overriding mechanism in XACML. We do so by means of XACML obligations and also define a general obligation combining mechanism.

Citation:

Ja'far Alqatawna, Erik Rissanen, Babak Sadighi, "Overriding of Access Control in XACML," policy, pp.87-95, Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.