Enterprise Access Control Frameworks Using RBAC and XML Technologies
In this chapter, we show that we can develop an Enterprise Access Control Framework using Role-based Access Control (RBAC) and Extensible Markup Language (XML) technologies. In the first section, we outline the general requirements for the Enterprise Access Control Model (EAM) and describe as to how RBAC meets those requirements. We call the resultant RBAC model as the "Enterprise RBAC Model". In the second section we briefly outline the facilities that XML technologies provides for specification and processing of structured data. The meat of this chapter is in the third section where a detailed description of the development of an Enterprise RBAC Model for a commercial bank is provided using one of the XML schema languages called the "XML Schema." In the rest of the sections we illustrate as to how XML APIs and toolsets can be utilized to perform tasks of validating the enterprise access control data in the XML document for conformance to the specification of the Enterprise RBAC Model and for mapping this data into different formats required by the access control modules in platforms hosting the various application systems of the enterprise.
Role-Based Access Control
Artech House, Norwood, MA
Enterprise access control framework, role-based access control models, XML schemas