Listing 4 XACML-based ARD Policy
<Policy PolicyId="Policy:id:1"
    RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.1:rule-combining-algorithm:ordered-permit-overrides">
  <Target/>
  <Rule RuleId="Rule:id:1" Effect="Permit">
    <Description>This Policy applies to Doctor A, who can view
      Patient B's records using 198.162.0.1</Description>
    <!-- Each Match and the Condition compares two arguments: the literal
         AttributeValue and a designator naming the request attribute. The
         subject-id/resource-id/action-id designators use the standard XACML 1.0
         identifiers; the AttributeId for the requester's address is assumed,
         since the original listing names none. -->
    <Target>
      <Subjects> <Subject>
        <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Doctor A</AttributeValue>
          <SubjectAttributeDesignator
              AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
              DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </SubjectMatch>
      </Subject> </Subjects>
      <Resources> <Resource>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">Patient B</AttributeValue>
          <ResourceAttributeDesignator
              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
              DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
        </ResourceMatch>
      </Resource> </Resources>
      <Actions> <Action>
        <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">View</AttributeValue>
          <ActionAttributeDesignator
              AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
              DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </ActionMatch>
      </Action> </Actions>
    </Target>
    <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
      <SubjectAttributeDesignator AttributeId="urn:example:ard:subject-ip"
          DataType="http://www.w3.org/2001/XMLSchema#string"/>
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">192.168.0.1</AttributeValue>
    </Condition>
  </Rule>
  <Rule RuleId="Rule:id:default" Effect="Deny"/>
</Policy>
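As an added worked example (not code from the paper or its system), the following Python script plays the role of the PDP described in the text: it parses the policy of Listing 4 and evaluates the requests a PEP would forward, implementing the ordered-permit-overrides rule-combining algorithm together with the trailing Deny rule. The copy of the policy embedded in the script carries the attribute designators that each XACML Match and Condition needs as its second argument; the subject-id, resource-id and action-id identifiers are the standard XACML 1.0 ones, while urn:example:ard:subject-ip is an assumed name for the requester's address attribute, which the listing does not identify. The Request class, the evaluate_* functions and decide() are constructed here for illustration.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

XS = "http://www.w3.org/2001/XMLSchema#"
F = "urn:oasis:names:tc:xacml:1.0:function:"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"  # standard XACML 1.0 ids
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
SUBJECT_IP = "urn:example:ard:subject-ip"  # assumed: the listing names no id for the address

# Constructed copy of Listing 4, with the designator each Match/Condition needs.
POLICY_XML = f"""<Policy PolicyId="Policy:id:1"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.1:rule-combining-algorithm:ordered-permit-overrides">
  <Target/>
  <Rule RuleId="Rule:id:1" Effect="Permit">
    <Target>
      <Subjects><Subject><SubjectMatch MatchId="{F}string-equal">
        <AttributeValue DataType="{XS}string">Doctor A</AttributeValue>
        <SubjectAttributeDesignator AttributeId="{SUBJECT_ID}" DataType="{XS}string"/>
      </SubjectMatch></Subject></Subjects>
      <Resources><Resource><ResourceMatch MatchId="{F}anyURI-equal">
        <AttributeValue DataType="{XS}anyURI">Patient B</AttributeValue>
        <ResourceAttributeDesignator AttributeId="{RESOURCE_ID}" DataType="{XS}anyURI"/>
      </ResourceMatch></Resource></Resources>
      <Actions><Action><ActionMatch MatchId="{F}string-equal">
        <AttributeValue DataType="{XS}string">View</AttributeValue>
        <ActionAttributeDesignator AttributeId="{ACTION_ID}" DataType="{XS}string"/>
      </ActionMatch></Action></Actions>
    </Target>
    <Condition FunctionId="{F}string-equal">
      <SubjectAttributeDesignator AttributeId="{SUBJECT_IP}" DataType="{XS}string"/>
      <AttributeValue DataType="{XS}string">192.168.0.1</AttributeValue>
    </Condition>
  </Rule>
  <Rule RuleId="Rule:id:default" Effect="Deny"/>
</Policy>
""".strip()

FUNCTIONS = {F + "string-equal": lambda a, b: a == b, F + "anyURI-equal": lambda a, b: a == b}
DESIGNATORS = {"SubjectAttributeDesignator", "ResourceAttributeDesignator",
               "ActionAttributeDesignator", "EnvironmentAttributeDesignator"}

@dataclass
class Request:
    """What the PEP sends the PDP: attribute values keyed by XACML AttributeId."""
    attributes: dict

def _apply(elem, func_attr, request):
    """Evaluate a Match (MatchId) or Condition (FunctionId). A designated attribute
    missing from the request fails closed (XACML proper would report Indeterminate)."""
    args = []
    for child in elem:
        if child.tag == "AttributeValue":
            args.append(child.text.strip())
        elif child.tag in DESIGNATORS:
            if child.get("AttributeId") not in request.attributes:
                return False
            args.append(request.attributes[child.get("AttributeId")])
    return FUNCTIONS[elem.get(func_attr)](*args)

def _target_matches(target, request):
    """Subjects/Resources/Actions list alternatives (OR); all Match elements inside one
    alternative must hold (AND). An absent or empty Target matches every request."""
    if target is None:
        return True
    for group, entry, match in (("Subjects", "Subject", "SubjectMatch"),
                                ("Resources", "Resource", "ResourceMatch"),
                                ("Actions", "Action", "ActionMatch")):
        container = target.find(group)
        if container is not None and not any(
                all(_apply(m, "MatchId", request) for m in e.findall(match))
                for e in container.findall(entry)):
            return False
    return True

def evaluate_rule(rule, request):
    """A rule yields its Effect only when its Target matches and its Condition holds."""
    if not _target_matches(rule.find("Target"), request):
        return "NotApplicable"
    cond = rule.find("Condition")
    if cond is not None and not _apply(cond, "FunctionId", request):
        return "NotApplicable"
    return rule.get("Effect")

def evaluate_policy(policy_xml, request):
    """ordered-permit-overrides: rules in document order, any Permit wins, else any
    Deny, else NotApplicable; the trailing default rule makes the policy deny-by-default."""
    policy = ET.fromstring(policy_xml)
    if not _target_matches(policy.find("Target"), request):
        return "NotApplicable"
    decisions = [evaluate_rule(r, request) for r in policy.findall("Rule")]
    if "Permit" in decisions:
        return "Permit"
    return "Deny" if "Deny" in decisions else "NotApplicable"

def decide(subject, resource, action, ip):
    """Build the request the PEP would send for one access attempt and return the decision."""
    return evaluate_policy(POLICY_XML, Request({SUBJECT_ID: subject, RESOURCE_ID: resource,
                                                ACTION_ID: action, SUBJECT_IP: ip}))
```

Calling decide("Doctor A", "Patient B", "View", "192.168.0.1") returns Permit. Changing the address, the action or the subject makes the first rule NotApplicable and the request falls through to the default rule, so the PDP answers Deny; a request that omits the address attribute entirely is denied too, because the evaluator treats a missing designated attribute as a failed condition rather than as a match.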
All of the generated policies are then placed in a centralized, secure policy repository accessible to both CSPs. Our system does not include delegation chains: a subject holding delegated (temporary) access rights may not delegate them further, since it does not own the resource it would be delegating. After policy generation, whenever the PDP receives a resource access request from the PEP, it evaluates the policy against the request and returns its decision to the PEP for enforcement. The proposed system also ensures the privacy of CSCs; in the context of the same E-Healthcare system (Doctor and Patient), during the registration phase the Cloud administrators ask the Patient whether or not they allow their