An extensible XACML authorization decision engine for context aware applications

4 Author(s)
Marwan Cheaito ; IRIT/SIERA - University Paul Sabatier, France ; Romain Laborde ; François Barrère ; Abdelmalek Benzekri

Context-awareness is a central aspect of pervasive computing applications. However, the information representing a context evolves with the capability of the technology embedded in pervasive devices. As a consequence, access control systems should be able to support and understand any new context information in order to address access control requirements. In this article, we present an extensible XACML (eXtensible Access Control Markup Language) authorization decision engine to provide such flexibility. In attribute-based access control like XACML, extending the policy authorization engine means extending its ability to understand new attribute data types, including the functions that are used in the policy to evaluate the users' requests. We show there are two kinds of data types to consider in the context of access control systems: data types of which both the values and the order relations are initially known, and data types of which neither the values nor the order relations are initially known. Based on this analysis, we present an extensible architecture for implementing an XACML authorization decision engine composed of a core component that can be enhanced by additional data type modules. This architecture has been implemented in Java and includes an API for writing new data type modules.

Published in:

Pervasive Computing (JCPC), 2009 Joint Conferences on

Date of Conference:

3-5 Dec. 2009