Policy Administration Control and Delegation Using XACML and Delegent

• Published in: Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing pp. 49 - 54
• Main Authors: Seitz, L., Rissanen, E., Sandholm, T., Firozabadi, B. S., Mulmo, O.
• Format: Conference Proceeding
• Language: English
• Published: Washington, DC, USA IEEE Computer Society 13.11.2005; IEEE
• Series: ACM Conferences
• Subjects: Access control; Applied computing; Applied computing > Document management and text processing; Applied computing > Document management and text processing > Document preparation; Authorization; Computer networks; Control systems; Grid computing; Peer to peer computing; Permission; Resource management; Security and privacy; Security and privacy > Security services; Security and privacy > Security services > Access control; Silicon carbide; XML
• ISBN: 0780394925; 9780780394926
• ISSN: 2152-1085
• DOI: 10.1109/GRID.2005.1542723

In this paper we present a system permitting controlled policy administration and delegation using the XACML access control system. The need for these capabilities stems from the use of XACML in the SweGrid Accounting System, which is used to enforce resource allocations to Swedish research projects. Our solution uses a second access control system Delegent, which has powerful delegation capabilities. We have implemented limited XML access control in Delegent, in order to supervise modifications of the XML-encoded XACML policies. This allows us to use the delegation capabilities of Delegent together with the expressive access level permissions of XACML.