Abstract
Data federations provide seamless access to multiple heterogeneous and autonomous data sources pertaining to a large organization. As each source database defines its own access control policies for a set of local identities, enforcing such policies across the federation becomes a challenge. In this article, we first consider the problem of translating existing access control policies defined over source databases in a manner that allows the original semantics to be observed while becoming applicable across the entire data federation. We show that such a translation is always possible, and provide an algorithm for automating the translation. We show that verifying whether a translated policy obeys the semantics of the original access control policy defined over a source database is intractable, even under restrictive scenarios. We then describe a practical algorithmic framework for translating relational access control policies into their XML equivalent, expressed in the eXtensible Access Control Markup Language. Finally, we examine the difficulty of minimizing translated policies, and contribute a minimization algorithm applicable to nonrecursive translated policies.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality, General Computer Science
Cited by
3 articles.