publication . Part of book or chapter of book . 2002

RBAC Policies in XML for X.509 Based Privilege Management

Alexander Otenko; David W. Chadwick;
Open Access English
  • Published: 01 Apr 2002
  • Publisher: Springer
  • Country: United Kingdom
This paper describes a role based access control policy template for use by privilege management infrastructures where the roles are stored as X.509 Attribute Certificates in an LDAP directory. There is a brief description of the X.509 privilege management model, and how it can be used to implement RBAC. Policies that conform to the template are written in XML, and the template is specified as a DTD. (A future version will specify it as an XML schema). The policy is designed to be used by the PERMIS API, a Java specification for an Access Control Decision Function based on the ISO 10181 Access Control Framework and the Open Group’s AZN API.
free text keywords: QA76, XML validation, XML Schema Editor, XML Encryption, Role-based access control, Document Structure Description, XML schema, computer.programming_language, computer, Database, computer.software_genre, Efficient XML Interchange, computer.file_format, Computer science, Privilege Management Infrastructure
Related Organizations
Download fromView all 2 versions
Kent Academic Repository
Part of book or chapter of book . 2002
Part of book or chapter of book
Provider: UnpayWall
Part of book or chapter of book . 2012
Provider: Crossref

[ACF] ITU-T Rec X.812 (1995) | ISO/IEC 10181-3:1996 “Security Frameworks for open systems: Access control framework”

[ACM] ACM Workshop on Role Based Access Control, 1996-2001. See for proceedings.

[Adams] Adams, C., Lloyd, S. (1999). “Understanding Public-Key Infrastructure : Concepts, Standards, and Deployment Considerations”. Macmillan Technical Publishing, 1999

[Austin] Austin, T. “PKI, A Wiley Tech Brief”, John Wiley and Son, ISBN: 0-471- 35380-9, 2000

[DN] Wahl, M., Kille, S., Howes, T. "Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names", RFC2253, December 1997.

[Housley] Housley, R., Polk, T. “Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure”. John Wiley and Son, ISBN: 0-471-39702-4, 2001

[LDAP] Wahl, M., Howes, T., Kille, S. “Lightweight Directory Access Protocol (v3)”, RFC 2251, Dec. 1997

[Policy] B.Moore, E. Ellesson, J. Strassner, A. Westerinen. “Policy Core Information Model -- Version 1 Specification”. RFC 3060, February 2001.

[Sandhu] Sandhu, R.S., Coyne, E.J., Feinstein , H.L., Youman, C.E. “Role Based Access Control Models”. IEEE Computer 29, 2 (Feb 1996), p38-43.

[X501] ISO/ITU-T Rec. X.501(1997) The Directory: Models [X509] ISO/ITU-T Rec. X.509(2001) The Directory: Authentication Framework This work has been 50% funded by the EC Information Society Initiative For Standardization (ISIS) programme, as part of the pan-European PERMIS project (see

Any information missing or wrong?Report an Issue