Enabling Privacy-Preserving Credential-Based Access Control with XACML and SAML

Ref: Claudio A. Ardagna, Sabrina De Capitani di Vimercati, Gregory Neven, Stefano Paraboschi, Franz-Stefan Preiss, Pierangela Samarati, and Mario Verdicchio. To appear at IEEE International Symposium on Trust, Security and Privacy for Emerging Applications 2010.

Abstract:
In this paper we describe extensions
to the access control industry standards XACML and SAML to enable privacy-preserving
and credential-based access control. Rather than assuming that an enforcement
point knows all the requester's attributes, our extensions allow
the requester to learn which attributes have to be revealed and which
conditions must be satisfied, thereby making it possible to leverage the advantages
of privacy-preserving technologies such as anonymous credentials. Moreover,
our extensions follow a credential-based approach, i.e., attributes
are regarded as being bundled together in credentials, and the policy
can refer to attributes within specific credentials. In addition to
defining language extensions, we also show how the XACML architecture
and model of evaluating policies can be adapted to the credential-based
setting, and we discuss the problems that such extensions entail.