An XML-based Policy Model for Access Control in Web Applications
Authors
Abstract
Organizational Information Systems (IS) collect, store, and manage personal and business data. Due to regulation laws and to protect the privacy of users, clients, and business partners, these data must be kept private. This paper proposes a model and a mechanism that allows defining access control policies based on the user profile, the time period, the mode and the location from where data can be accessed. The proposed policy model is simple enough to be used by a business manager, yet it has the flexibility to define complex restrictions. At runtime, a protection layer monitors data accesses and enforces existing policies. A prototype tool was implemented to run an experimental evaluation, which showed that the tool is able to enforce access control with minimal performance impact, while assuring scalability both in terms of the number of users and the number of policies.
Keywords
Access control, Policy, Data privacy, Security
Subject
Privacy Control
Related Project
Menon@WS - Methodologies for the Development of Non-Vulnerable Web Services
Conference
24th International Conference on Database and Expert Systems Applications (DEXA '13) 2013
DOI