NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints

Published

Author(s)

Ramaswamy Chandramouli

Abstract

The effectiveness of an enterprise access control framework depends upon the integrity of the various components or the building blocks used in that framework. The essential components of that framework are: (a) an Enterprise Access Control Model (b) a Validation mechanism to verify the enterprise access control data developed based on that model, for conformance to the model as well as domain-specific policy constraints and (c) a mechanism to map the enterprise access control data into formats required by native access enforcement mechanisms in the heterogeneous application systems in the enterprise. In this paper we chose the Role-based Access Control Model (RBAC) as a candidate for the enterprise access control model. We develop an XML Schema of an RBAC Model for a specific enterprise context and demonstrate the use of schema features to specify structural and some rudimentary domain constraints. We then annotate that XML Schema of an Enterprise RBAC Model to demonstrate specification and enforcement of some important domain-specific policy constraint using the Schematron language. [Recipient of Best Paper Award]
Conference Dates
July 27-30, 2003
Conference Location
Orlando, FL
Conference Title
7th World Multi-conference on Systemics, Cybernetics and Informatics (WMSCI 2003)
Pub Type
Conferences

Download Paper

Local Download

Keywords

Enterprise Access Control Data, Policy Constraints, RBAC, Role-Based Access Control, XML Schema
Cybersecurity and privacy

Citation

Chandramouli, R. (2003), Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints, 7th World Multi-conference on Systemics, Cybernetics and Informatics (WMSCI 2003), Orlando, FL, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50734 (Accessed October 14, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created July 30, 2003, Updated February 19, 2017
Was this page helpful?