Enhancements of XACML: policy evaluation optimization and policy expressivity extension through business rules (2008)
SAP Labs France (Sophia-Antipolis, France)
Nowadays XACML (eXtensible Access Control Markup Language) is the de facto standard among access control mechanisms for federated resources provided by SOA (Service Oriented Architecture). The standard is based on the XML language: on the one hand this guarantees portability among different platforms and operating systems, but on the other hand the verbosity of the language does not facilitate the development of fast policy evaluation engines. Moreover, the standard lacks a clear and simple way to express rich access control rules involving cardinality or periodicity constraints.
The aim of the research was twofold. Firstly, to design an algorithm to improve the performance of the policy optimization. Secondly, to develop a software architecture to transparently extend the XACML standard in order to manage richer access control policies which comprise cardinality and periodicity constraints.