Context dependent revocation in delegated XACML
Number of Authors: 2
2008 (English)Report (Other academic)
The XACML standard defines an XML based language for defining access control policies and a related processing model. Recent work aims to add delegation to XACML in order to express the right to administrate XACML policies within XACML itself. The delegation profile draft explains how to validate the right to issue a policy, but there are no provisions for removing a policy. This paper proposes a revocation model for delegated XACML. A novel feature of this model is that whether a revocation is valid or not, depends not only on who issued the revocation, but also on the context in which an attempt to use the revoked policy is done.
Place, publisher, year, edition, pages
Kista, Sweden: Swedish Institute of Computer Science , 2008, 1. , 13 p.
SICS Technical Report, ISSN 1100-3154 ; 2008:10
Computer and Information Science
IdentifiersURN: urn:nbn:se:ri:diva-22938OAI: oai:DiVA.org:ri-22938DiVA: diva2:1042503