TY  - CHAP
AU  - Brucker, Achim D.
AU  - Petritsch, Helmut
ED  - Massacci, F.
ED  - Wallach, D.
ED  - Zannone, N.
PY  - 2010//
TI  - Idea: Efficient Evaluation of Access Control Constraints
BT  - International Symposium on Engineering Secure Software and Systems (ESSoS)
T3  - Lecture Notes in Computer Science
SP  - 157
EP  - 165
IS  - 5965
PB  - Springer-Verlag
CY  - Heidelberg
KW  - distributed policy enforcement, XACML, access control
N2  - Business requirements for modern enterprise systems usually comprise a variety of dynamic constraints, i.e., constraints that require a complex set of context information only available at runtime. Thus, the efficient evaluation of dynamic constraints, e.g., expressing separation of duties requirements, becomes an important factor for the overall performance of the access control enforcement. Especially in highly distributed systems, e.g., systems based on the service-oriented architecture (SOA) paradigm, the time for evaluating access control constraints depends significantly on the protocol between the central policy decision point (PDP) and the distributed policy enforcement points (PEP). In this paper, we present an policy-driven approach for generating customized protocol for the communication between the PDP and the pep. Moreover, we provide a detailed comparison of several approaches for querying context information during the evaluation of access control constraints.
SN  - 978-3-642-11746-6
UR  - http://www.brucker.ch/bibliography/abstract/brucker.ea-efficient-2010
L1  - http://www.brucker.ch/bibliography/download/2010/brucker.ea-efficient-2010.pdf
UR  - http://dx.doi.org/10.1007/978-3-642-11747-3_12
ID  - brucker.ea:efficient:2010
ER  -