Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
3.3.1. XACML - an introduction Similar to P3P and EPAL, XACML is implemented using XML-files. It also uses the already common approach of defining one policy which includes several rules. It is checked whether a rule applies and what the effect of this rule is (the request is allowed or denied) based on given conditions. Such matches are being performed if a request has been sent whereas the necessary information to decide whether the request matches the rule under given conditions is provided with the request. These similarities are no coincidence as EPAL 1.1 used XACML explicitly and EPAL 1.2 uses a lot of XACML’s concepts such as attributes, rules, conditions, etc [Sun05]. Furthermore, XACML is based on a previous project of IBM - the XML Access Control Language (XACL) [Cov08b]. However, [Sun05] highlights some difference between EPAL and XACML, especially when it comes to the evaluation of rules. Whereas in EPAL the first rule which conditions are met is applicable (the descending precedence of rules was already described above), XACML has a combined algorithm in place. That means if in XACML policies several rules match one request, a choice is given to the user which rule to apply. Although there are some other key differences between EPAL and XACML, EPAL remains a subset of XACML - interested readers should consult [Sun05] for more detail on that issue. 3.3.2. Requirements and structure of XACML The XACML specification defines some non-normative requirements which are generic requirements for a policy language. It does, however, of course also defines XACML specific requirements which are going to be shortly discussed in this section: • The three basic XACML elements are POLICYSET, POLICY and RULE. Similar to the previously introduced privacy standards, a policy-set can contain one or more policies and one policy can contain one or more rules. Data access requests have to go through a Policy Enforcement Point (PEP). This PEP formulates a request for an authorization decision which is then sent to a Policy Decision Point (PDP). This PDP evaluates the existing policies and sends the authorization decision (Permit, Deny, NotApplicable) back to the PEP. • To decide on the authorization, the combining algorithm mentioned above comes into place. It has to ensure that only one policy or policy-set is applicable. If no policy or policy-set is applicable, it returns NotApplicable, if more than one policy or policy-set is applicable, it returns Indeterminate. • XACML supports Role Based Access Control (RBAC). This means that a subject can hold a role (e.g. IT-Manager) and that such roles have to be considered when making authorization decisions. This collection of specifications was just exemplary. For a full list of requirements readers should consult the XACML specification. 36
Once all the requirements have been fulfilled, requests can be matched to policies. Listing 3.9 shows a basic example of an XACML request. It states that the subject, Bart Simpson with the e-mail address bs@simpsons.com, wants to access (to be precise read) a certain resource, in this case his medical file at path file://example/med/record/patient/Bart- Simpson. This request would then be matched with the corresponding policy and if applicable, the request would be allowed or denied. bs@simpsons . com f i l e : // example /med/ record / p a t i e n t / BartSimpson read Listing 3.9: Basic XACML request example (Source: [OAS05]) 37
- Page 1: Wirtschaftsuniversität Wien Magist
- Page 4 and 5: Contents Abbreviations vii Listings
- Page 6 and 7: II. Applied part 53 6. Development
- Page 8 and 9: Listings viii 3.1. HTTP response he
- Page 10 and 11: List of Tables x 3.1. PURPOSE sub-e
- Page 12 and 13: 1. Introduction This thesis address
- Page 14 and 15: In addition, the applied part of th
- Page 16 and 17: 2. Privacy Threats Privacy is the
- Page 18 and 19: term friendly fraud relates to legi
- Page 20 and 21: over iGoogle, search Wikipedia via
- Page 22 and 23: collect a lot of personal data abou
- Page 24 and 25: 2.4. Privacy sensitive technologies
- Page 26 and 27: • Data necessary to identify the
- Page 28 and 29: 3. Privacy Standards The following
- Page 30 and 31: The well-known location method (whi
- Page 32 and 33: • User Preferences: User-agents m
- Page 34 and 35: Another important issue for policy
- Page 36 and 37: 1 M i c r o s o f t Way< /DATA> Red
- Page 38 and 39: 28 PURPOSE Plain Language Translati
- Page 40 and 41: Finally, an example should be provi
- Page 42 and 43: • There is a commercial P3P polic
- Page 44 and 45: Element Value ruling allow user cat
- Page 48 and 49: 3.3.3. Summary The introduced priva
- Page 50 and 51: specified conditions” [ISO01a]. T
- Page 52 and 53: applied to this characteristic too,
- Page 54 and 55: Figure 5.1.: Microsoft Internet Exp
- Page 56 and 57: 5.1.2. Firefox The Mozilla Foundati
- Page 58 and 59: shortcuts and context-menu, users s
- Page 60 and 61: 5.3. Proxies In this section, proxi
- Page 62 and 63: 52 Figure 5.10.: The settings dialo
- Page 64 and 65: 6. Development of a Privacy Plug-In
- Page 66 and 67: • components directory: this dire
- Page 68 and 69: Speaking of information it has to b
- Page 70 and 71: Figure 6.2.: Displaying the P3P pol
- Page 72 and 73: matches the users preferences befor
- Page 74 and 75: Figure 6.4.: The privacy policy of
- Page 76 and 77: is different from the one available
- Page 78 and 79: access elements in a policy which i
- Page 80 and 81: implementation available although t
- Page 82 and 83: [Dro06] Dennis Drotar, Rachel Green
- Page 84 and 85: [Kob07] Alfred Kobsa. Privacy-enhan
- Page 86 and 87: [Oli04] Nadia Olivero and Peter Lun
- Page 88 and 89: [Woo06] Jisuk Woo. The right not to
- Page 90 and 91: M i c r o s o f t i s a premier spo
- Page 92 and 93: 82
- Page 94 and 95: B. E-Mail correspondence Subject :
3.3.1. XACML - an introduction<br />
Similar to P3P and EPAL, XACML is implemented using XML-files. It also uses the already<br />
common approach of defining one policy which includes several rules. It is checked<br />
whether a rule applies and what the effect of this rule is (the request is allowed or denied)<br />
based on given conditions. Such matches are being performed if a request has been sent<br />
whereas the necessary information to decide whether the request matches the rule under<br />
given conditions is provided with the request. These similarities are no coincidence as<br />
EPAL 1.1 used XACML explicitly and EPAL 1.2 uses a lot of XACML’s concepts such as<br />
attributes, rules, conditions, etc [Sun05]. Furthermore, XACML is based on a previous<br />
project of IBM - the XML Access Control Language (XACL) [Cov08b].<br />
However, [Sun05] highlights some difference between EPAL and XACML, especially<br />
when it comes to the evaluation of rules. Whereas in EPAL the first rule which conditions<br />
are met is applicable (the descending precedence of rules was already described<br />
above), XACML has a combined algorithm in place. That means if in XACML policies<br />
several rules match one request, a choice is given to the user which rule to apply. Although<br />
there are some other key differences between EPAL and XACML, EPAL remains<br />
a subset of XACML - interested readers should consult [Sun05] for more detail on that<br />
issue.<br />
3.3.2. Requirements and structure of XACML<br />
The XACML specification defines some non-normative requirements which are generic<br />
requirements for a policy language. It does, however, of course also defines XACML<br />
specific requirements which are going to be shortly discussed in this section:<br />
• The three basic XACML elements are POLICYSET, POLICY and RULE. Similar<br />
to the previously introduced privacy standards, a policy-set can contain one or<br />
more policies and one policy can contain one or more rules. Data access requests<br />
have to go through a Policy Enforcement Point (PEP). This PEP formulates a<br />
request for an authorization decision which is then sent to a Policy Decision Point<br />
(PDP). This PDP evaluates the existing policies and sends the authorization decision<br />
(Permit, Deny, NotApplicable) back to the PEP.<br />
• To decide on the authorization, the combining algorithm mentioned above comes<br />
into place. It has to ensure that only one policy or policy-set is applicable. If no<br />
policy or policy-set is applicable, it returns NotApplicable, if more than one policy<br />
or policy-set is applicable, it returns Indeterminate.<br />
• XACML supports Role Based Access Control (RBAC). This means that a subject<br />
can hold a role (e.g. IT-Manager) and that such roles have to be considered when<br />
making authorization decisions.<br />
This collection of specifications was just exemplary. For a full list of requirements readers<br />
should consult the XACML specification.<br />
36