@InCollection{	  brucker.ea:efficient:2010,
  author	= {Achim D. Brucker and Helmut Petritsch},
  booktitle	= {International Symposium on Engineering Secure Software and
		  Systems (ESSoS)},
  language	= {USenglish},
  editor	= {F. Massacci and D. Wallach and N. Zannone},
  publisher	= {Springer-Verlag},
  address	= {Heidelberg},
  series	= {Lecture Notes in Computer Science},
  title		= {Idea: Efficient Evaluation of Access Control Constraints},
  year		= {2010},
  pages		= {157--165},
  number	= {5965},
  doi		= {10.1007/978-3-642-11747-3_12},
  isbn		= {978-3-642-11746-6},
  classification= {conference},
  areas		= {security, software},
  public	= {yes},
  abstract	= {Business requirements for modern enterprise systems
		  usually comprise a variety of dynamic constraints, i.e.,
		  constraints that require a complex set of context
		  information only available at runtime. Thus, the efficient
		  evaluation of dynamic constraints, e.g., expressing
		  separation of duties requirements, becomes an important
		  factor for the overall performance of the access control
		  enforcement.
		  
		  Especially in highly distributed systems, e.g., systems
		  based on the service-oriented architecture (SOA) paradigm,
		  the time for evaluating access control constraints depends
		  significantly on the protocol between the central policy
		  decision point (PDP) and the distributed policy enforcement
		  points (PEP).
		  
		  In this paper, we present an policy-driven approach for
		  generating customized protocol for the communication
		  between the PDP and the pep. Moreover, we provide a
		  detailed comparison of several approaches for querying
		  context information during the evaluation of access control
		  constraints.},
  keywords	= {distributed policy enforcement, XACML, access control},
  pdf		= {http://www.brucker.ch/bibliography/download/2010/brucker.ea-efficient-2010.pdf},
  url		= {http://www.brucker.ch/bibliography/abstract/brucker.ea-efficient-2010}
		  
}