Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Overriding of Access Control in XACML
RISE, Swedish ICT, SICS.ORCID iD: 0000-0002-9246-4480
RISE, Swedish ICT, SICS.ORCID iD: 0000-0003-0231-8015
2007 (English)In: Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, 2007, 1, , 9 p.Conference paper, Published paper (Refereed)
Abstract [en]

Most access control mechanisms focus on how to define the rights of users in a precise way to prevent any violation of the access control policy of an organization. However, in many cases it is hard to predefine all access needs, or even to express them in machine readable form. One example of such a situation is an emergency case which may not be predictable and would be hard to express as a machine readable condition. Discretionary overriding of access control is one way for handling such hard to define and unanticipated situations where availability is critical. The override mechanism gives the subject of the access control policy the possibility to override a denied decision, and if the subject should confirm the override, the access will be logged for special auditing. XACML, the eXtensible Access Control Markup Language, provides a standardized access control policy language for expressing access control policies. This paper introduces a discretionary overriding mechanism in XACML. We do so by means of XACML obligations and also define a general obligation combining mechanism.

Place, publisher, year, edition, pages
2007, 1. , 9 p.
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:ri:diva-22380DOI: 10.1109/POLICY.2007.31OAI: oai:DiVA.org:ri-22380DiVA: diva2:1041925
Conference
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, 13-15 June 2007, Bologna, Italy
Available from: 2016-10-31 Created: 2016-10-31 Last updated: 2018-01-14Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full text

Search in DiVA

By author/editor
Rissanen, ErikSadighi, Babak
By organisation
SICS
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 16 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.30.0