Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints

Published

Author(s)

Ramaswamy Chandramouli

Abstract

The effectiveness of an enterprise access control framework depends upon the integrity of the various components or the building blocks used in that framework. The essential components of that framework are: (a) an Enterprise Access Control Model (b) a Validation mechanism to verify the enterprise access control data developed based on that model, for conformance to the model as well as domain-specific policy constraints and (c) a mechanism to map the enterprise access control data into formats required by native access enforcement mechanisms in the heterogeneous application systems in the enterprise. In this paper we chose the Role-based Access Control Model (RBAC) as a candidate for the enterprise access control model. We develop an XML Schema of an RBAC Model for a specific enterprise context and demonstrate the use of schema features to specify structural and some rudimentary domain constraints. We then annotate that XML Schema of an Enterprise RBAC Model to demonstrate specification and enforcement of some important domain-specific policy constraint using the Schematron language. [Recipient of Best Paper Award]
Conference Dates
July 27-30, 2003
Conference Location
Orlando, FL
Conference Title
7th World Multi-conference on Systemics, Cybernetics and Informatics (WMSCI 2003)

Keywords

Enterprise Access Control Data, Policy Constraints, RBAC, Role-Based Access Control, XML Schema

Citation

Chandramouli, R. (2003), Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints, 7th World Multi-conference on Systemics, Cybernetics and Informatics (WMSCI 2003), Orlando, FL, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50734 (Accessed March 19, 2024)
Created July 30, 2003, Updated February 19, 2017