access target matches and the optional conditions match, is used to decide the result of the request.
These decision-combining algorithms allow administrators to provide various levels of security restrictions on their sensitive data.
Access Request.
XACML defines the format for the request message that provides context for the policy-based decisions. Each request may contain multiple Subject elements and multiple attributes for the Subject, Resource and Action. Figure 6 shows a sample XACML Request Context in which Robert requests read access to the first entry element of the review summary XML document. The request context consists of three sub-structures, Subject information, Resource information, and Action information, each consisting of one or more attribute type-value pairs. In this example, subject-id and role are attribute types and Robert and reviewerName are attribute values, respectively. It is assumed that those attributes are supplied by a separate authentication mechanism that is out of the scope of the XACML specification.
Regarding resource information, the XACML request context can contain the target XML data as relevant information about the target resource. The ResourceContent element contains the review summary XML data with the namespace prefixed by rs:. The target XML document is referred to from the access control policy using the AttributeSelector function. For example, rule R3-2 of Figure 5 specifies the path //rs:review summary/rs:entry/rs:review/rs:reviewerName/text(), which refers to Robert. This is one of the advantages of the XACML policy model: it allows the policy to refer to any of the values of the target XML data embedded in the Request Context and to compare those values against constant values.
Access Response.
The response message defined by XACML provides the format for conveying the Decision (Deny or Permit) and the Status of an access request evaluation, as Figure 7 shows. In our example, the decision is Deny since the requested entry element contains an AuthorName element that should not be accessible to the Reviewer. The EntireHierarchy scope parameter specified in the Resource of the XACML Request Context defines the semantics of the response context such that, if any of the descendant nodes of the requested node is an access-denied node, the resulting decision is a denial.
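The request and response exchange described in the Access Request and Access Response sections above, as an added example that is not part of the chapter: it builds a Request Context (Subject, Resource with ResourceContent, Action), evaluates two hand-written rules that reach into the embedded review summary through an AttributeSelector-style XPath, and applies the EntireHierarchy scope rule, so that a hidden AuthorName below the requested entry turns the whole answer into Deny. Everything beyond what the chapter states is an assumption: the rs: namespace URI, the review_summary element and the names Alice and Carol, the Reviewer role value, the Scope attribute and its alternative value Immediate, the two rules, and the use of XACML 1.0 context element names with a much simplified evaluator rather than a conforming PDP.

```python
"""Toy XACML request/response walk-through (added example, not the book's code).
Element names follow XACML 1.x; the evaluator itself is a deliberate
simplification: two constructed rules, deny-overrides combining, and the
chapter's EntireHierarchy scope semantics over the requested node's subtree."""
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:1.0:context"
RS_NS = "urn:example:review-summary"          # constructed namespace (assumption)
XNS, NSMAP = {"x": XACML_NS}, {"rs": RS_NS}

# Constructed sample document: entry 1 is reviewed by Robert and carries an
# AuthorName element that reviewers must not see; entry 2 belongs to Alice.
REVIEW_SUMMARY = f"""<rs:review_summary xmlns:rs="{RS_NS}">
  <rs:entry>
    <rs:AuthorName>Carol</rs:AuthorName>
    <rs:review><rs:reviewerName>Robert</rs:reviewerName><rs:score>4</rs:score></rs:review>
  </rs:entry>
  <rs:entry>
    <rs:review><rs:reviewerName>Alice</rs:reviewerName><rs:score>2</rs:score></rs:review>
  </rs:entry>
</rs:review_summary>"""

def _q(name):
    """Clark-notation tag for an element in the XACML context namespace."""
    return f"{{{XACML_NS}}}{name}"

def _add_attr(section, attr_id, value):
    a = ET.SubElement(section, _q("Attribute"), AttributeId=attr_id)
    ET.SubElement(a, _q("AttributeValue")).text = value

def build_request(subject_id, role, action, resource_xml, scope="EntireHierarchy"):
    """Assemble a Request Context: Subject, Resource (with ResourceContent), Action."""
    req = ET.Element(_q("Request"))
    subj = ET.SubElement(req, _q("Subject"))
    _add_attr(subj, "subject-id", subject_id)
    _add_attr(subj, "role", role)
    res = ET.SubElement(req, _q("Resource"), Scope=scope)  # Scope attribute: assumption
    ET.SubElement(res, _q("ResourceContent")).append(ET.fromstring(resource_xml))
    _add_attr(ET.SubElement(req, _q("Action")), "action-id", action)
    return req

def context_attr(req, section, attr_id):
    """Read one attribute value from the Subject or Action part of the request."""
    for a in req.find(f"x:{section}", XNS).findall("x:Attribute", XNS):
        if a.get("AttributeId") == attr_id:
            return a.find("x:AttributeValue", XNS).text
    return None

def attribute_selector(node, xpath):
    """Mimic AttributeSelector: evaluate an rs:-prefixed path against the resource
    content and return the selected nodes' text. Only the XPath subset that
    ElementTree supports is handled; a trailing /text() is emulated here."""
    path = xpath[:-len("/text()")] if xpath.endswith("/text()") else xpath
    return [n.text for n in node.findall(path, NSMAP)]

def rule_reviewer_reads_own_entry(req, node):
    """Constructed rule in the spirit of the chapter's R3-2: a Reviewer may read
    an rs:entry whose reviewerName (selected from the resource) equals subject-id."""
    if (context_attr(req, "Action", "action-id") != "read"
            or context_attr(req, "Subject", "role") != "Reviewer"
            or node.tag != f"{{{RS_NS}}}entry"):
        return "NotApplicable"
    names = attribute_selector(node, "./rs:review/rs:reviewerName/text()")
    return "Permit" if context_attr(req, "Subject", "subject-id") in names else "Deny"

def rule_hide_author_from_reviewers(req, node):
    """Constructed rule: AuthorName elements are never readable by the Reviewer role."""
    if context_attr(req, "Subject", "role") == "Reviewer" and node.tag == f"{{{RS_NS}}}AuthorName":
        return "Deny"
    return "NotApplicable"

RULES = (rule_reviewer_reads_own_entry, rule_hide_author_from_reviewers)

def deny_overrides(decisions):
    """Deny-overrides combining: one Deny wins, else any Permit, else NotApplicable."""
    return "Deny" if "Deny" in decisions else "Permit" if "Permit" in decisions else "NotApplicable"

def evaluate(req, resource_path):
    """Locate the requested node inside ResourceContent and decide. With the
    EntireHierarchy scope every descendant is evaluated too, so a Deny anywhere
    in the subtree (here: a hidden AuthorName) makes the whole answer Deny."""
    content = req.find("x:Resource/x:ResourceContent", XNS)
    target = content.find(resource_path, NSMAP)
    if target is None:
        return {"Decision": "Indeterminate", "Status": "urn:oasis:names:tc:xacml:1.0:status:processing-error"}
    scope = req.find("x:Resource", XNS).get("Scope")
    nodes = list(target.iter()) if scope == "EntireHierarchy" else [target]
    per_node = [deny_overrides([rule(req, n) for rule in RULES]) for n in nodes]
    return {"Decision": deny_overrides(per_node), "Status": "urn:oasis:names:tc:xacml:1.0:status:ok"}

def build_response(result):
    """Serialise the decision as an XACML-style Response carrying Decision and Status."""
    resp = ET.Element(_q("Response"))
    res = ET.SubElement(resp, _q("Result"))
    ET.SubElement(res, _q("Decision")).text = result["Decision"]
    ET.SubElement(ET.SubElement(res, _q("Status")), _q("StatusCode"), Value=result["Status"])
    return ET.tostring(resp, encoding="unicode")
```

Calling `evaluate(build_request("Robert", "Reviewer", "read", REVIEW_SUMMARY), ".//rs:entry[1]")` reproduces the chapter's outcome: the entry itself is permitted, but the AuthorName beneath it is denied and, under EntireHierarchy, that single denial decides the request. Passing `scope="Immediate"` evaluates only the entry node and yields Permit, which is exactly why the scope parameter has to be part of the request context rather than left implicit.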
4.3 WS-Policy
WS-Policy Framework [20] is a W3C standard Web services governance specification that enables a service to specify what it expects of callers and how