Publication Citation: Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints

Author(s): Ramaswamy Chandramouli
Title: Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints
Published: July 30, 2003
Abstract: The effectiveness of an enterprise access control framework depends upon the integrity of the various components or the building blocks used in that framework. The essential components of that framework are: (a) an Enterprise Access Control Model, (b) a Validation mechanism to verify the enterprise access control data developed based on that model, for conformance to the model as well as domain-specific policy constraints, and (c) a mechanism to map the enterprise access control data into formats required by native access enforcement mechanisms in the heterogeneous application systems in the enterprise. In this paper we chose the Role-based Access Control Model (RBAC) as a candidate for the enterprise access control model. We develop an XML Schema of an RBAC Model for a specific enterprise context and demonstrate the use of schema features to specify structural and some rudimentary domain constraints. We then annotate that XML Schema of an Enterprise RBAC Model to demonstrate specification and enforcement of some important domain-specific policy constraints using the Schematron language. [Recipient of Best Paper Award]
Conference: 7th World Multi-conference on Systemics, Cybernetics and Informatics (WMSCI 2003)
Pages: 6 pp.
Location: Orlando, FL
Dates: July 27-30, 2003
Keywords: Enterprise Access Control Data; Policy Constraints; RBAC; Role-Based Access Control; XML Schema
Research Areas: Computer Security
PDF version: PDF version of paper (56KB)