Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)

Cited by: 68
Authors
Ferraiolo, David [1]
Chandramouli, Ramaswamy [1]
Kuhn, Rick [1]
Hu, Vincent [1]
Affiliations
[1] NIST, Gaithersburg, MD 20899 USA
Source
ABAC'16: PROCEEDINGS OF THE 2016 ACM INTERNATIONAL WORKSHOP ON ATTRIBUTE BASED ACCESS CONTROL | 2016
Keywords
ABAC; XACML; NGAC; Policy Machine; Access Control;
DOI
10.1145/2875491.2875496
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are very different attribute based access control standards with similar goals and objectives. An objective of both is to provide a standardized way for expressing and enforcing vastly diverse access control policies in support of various types of data services. The two standards differ with respect to the manner in which access control policies and attributes are specified and managed, and decisions are computed and enforced. This paper is presented as a consolidation and refinement of public draft NIST SP 800-178 [21], describing and comparing these two standards.
Pages: 13-24
Page count: 12
Related papers
21 in total
[1] [Anonymous], EXT ACC CONTR MARK L
[2] [Anonymous], 2004, XACML PROF ROL BAS A
[3] [Anonymous], 526 INCITS AM NAT ST
[4] Bell D.E., 1976, ESDTR75306 MITRE COR
[5] Brewer D.F.C., 1989, 1989 IEEE S SEC PRIV, P206
[6] DoD Computer Security Center, 1985, TRUST COMP SYST EV C
[7] Ferraiolo D.F., 2005, SACMAT '05, P11
[8] Ferraiolo D. F., 2015, NIST
[9] Ferraiolo D, 2014, 2014 IEEE 15TH INTERNATIONAL CONFERENCE ON INFORMATION REUSE AND INTEGRATION (IRI), P450, DOI 10.1109/IRI.2014.7051924
[10] The Policy Machine: A novel architecture and framework for access control policy specification and enforcement [J]. Ferraiolo, David; Atluri, Vijayalakshmi; Gavrila, Serban. JOURNAL OF SYSTEMS ARCHITECTURE, 2011, 57 (04): 412-424