An access control service for dynamic and hierarchical resources: Declarative model and implementation on top of XACML
The increasing complexity of (distributed) information systems requires new solutions for dealing with access control problems. In particular, information systems are based on a large number of resources, with very complex structure, that must be accessed by a large variety of users. Traditional and instance-based solutions are not adequate. In this paper, we propose a new approach to the problem. First of all, we define an access control model which is declarative, modular, hierarchical and instance-independent, so that it is suitable for highly dynamic contexts. Then, we report on the implementation of a Profile Service, which effectively exploits the XACML technology to simplify and shorten the development.