走向自包含授权策略

2010 IEEE International Symposium on Policies for Distributed Systems and Networks Pub Date : 2010-07-21 DOI:10.1109/POLICY.2010.18

R. Laborde, Marwan Cheaito, F. Barrère, A. Benzekri

{"title":"走向自包含授权策略","authors":"R. Laborde, Marwan Cheaito, F. Barrère, A. Benzekri","doi":"10.1109/POLICY.2010.18","DOIUrl":null,"url":null,"abstract":"One of the key motivations of policy-based management is flexibility and adaptability to existing infrastructure and change management. In the context of security, modern policy languages such as XACML are extensible and support natively the expression of new information and manipulation operations. However, policy engines, which evaluate users’ requests according to policies, may not support this new policy information. As a consequence, policy writers have to verify whether the target policy engine can execute his/her policy or not when (s)he writes it. In this article, we introduce the concept of self-contained policy to solve this deployment issue. A self-contained policy includes all the necessary information required by a policy engine to execute a policy. We propose a service component based architecture to support self-contained policies.","PeriodicalId":143330,"journal":{"name":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","volume":"2612 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Toward Self-Contained Authorization Policies\",\"authors\":\"R. Laborde, Marwan Cheaito, F. Barrère, A. Benzekri\",\"doi\":\"10.1109/POLICY.2010.18\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"One of the key motivations of policy-based management is flexibility and adaptability to existing infrastructure and change management. In the context of security, modern policy languages such as XACML are extensible and support natively the expression of new information and manipulation operations. However, policy engines, which evaluate users’ requests according to policies, may not support this new policy information. As a consequence, policy writers have to verify whether the target policy engine can execute his/her policy or not when (s)he writes it. In this article, we introduce the concept of self-contained policy to solve this deployment issue. A self-contained policy includes all the necessary information required by a policy engine to execute a policy. We propose a service component based architecture to support self-contained policies.\",\"PeriodicalId\":143330,\"journal\":{\"name\":\"2010 IEEE International Symposium on Policies for Distributed Systems and Networks\",\"volume\":\"2612 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-07-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 IEEE International Symposium on Policies for Distributed Systems and Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/POLICY.2010.18\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/POLICY.2010.18","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

基于策略的管理的主要动机之一是对现有基础设施和变更管理的灵活性和适应性。在安全上下文中，现代策略语言(如XACML)是可扩展的，并且支持新信息的表达和操作操作。但是，根据策略评估用户请求的策略引擎可能不支持这种新的策略信息。因此，策略编写者在编写策略时必须验证目标策略引擎是否可以执行他/她的策略。在本文中，我们将引入自包含策略的概念来解决这个部署问题。自包含策略包括策略引擎执行策略所需的所有必要信息。我们提出了一个基于服务组件的体系结构来支持自包含策略。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Toward Self-Contained Authorization Policies

One of the key motivations of policy-based management is flexibility and adaptability to existing infrastructure and change management. In the context of security, modern policy languages such as XACML are extensible and support natively the expression of new information and manipulation operations. However, policy engines, which evaluate users’ requests according to policies, may not support this new policy information. As a consequence, policy writers have to verify whether the target policy engine can execute his/her policy or not when (s)he writes it. In this article, we introduce the concept of self-contained policy to solve this deployment issue. A self-contained policy includes all the necessary information required by a policy engine to execute a policy. We propose a service component based architecture to support self-contained policies.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2010 IEEE International Symposium on Policies for Distributed Systems and Networks

自引率

0.00%

发文量