" rel="home">

Work Description

The goal of the subcommittee is to define a framework for the specification and evaluation of access control rules.

The framework needs to be flexible and expressive enough to support different access control policies that may need to be applied (and have been proposed or are used in different real-world scenarios).

Defining a framework means to define:

• a model: clearly describing the type of access control rules that can be expressed and their evaluation. The model needs not be formal but the definition must be unambiguous.
• a language: for specifying access control rules. The language gives a syntax for expressing the rules whose semantics has been defined in the model. The language will be XML-based, namely a policy will be represented as a valid XML document (each rule corresponding to a valid XML fragment). The XML schema used to validate policies and rules will contain type definitions for all entities composing the rules.

The framework will be flexible and expressive enough to accomodate different protection requirements and policies. It will be extensible, that is it will be possible to define new types of entities by extending existing ones via well defined procedures.

The language can be seen as three-layered:

1. core-layer gives the syntax of the rules
2. type-layer gives the data types allowed as entities inside rules
3. policy-layer defines the overall syntax of policies.

The subcommittee will release:

• the description of the model (not formal)
• the three-layered specification of the language
• examples of representing policies gathered through the available use-cases (interacting with the use case subcommittee).

The result of the subcommittee could be used, at the committee level, as a starting point for providing a reference implementation.

Membership

Sub-committee members are as follows:

• Carlisle Adams
• Anne Anderson
• Simon Godik
• Polar Humenn
• Michiharu Kudo
• Hal Lockhart
• Fred Moses
• Bill Parducci
• Jason Rouault
• Pierangela Samarati (chair)
• Ken Yagen

Proposals

• What needs to be specified by the XACML policy model?(.doc)(.htm), by Ernesto Damiani and Pierangela Samarati
• What needs to be specified by the XACML model?(.pdf), by Pierangela Samarati
• XACML-Proposal for Policy Model Regarding Subject Semantics, (.pdf), by Michiharu Kudo
• XACML-Proposal for Policy Model Regarding Object Semantics, (.pdf), by Michiharu Kudo
• Necessary and Sufficient Condition, (.ps)
• XACML Policy Model, (.pdf), by Pierangela Samarati and Ernest Damiani
• XACML Extension Model and Core Schema, (.pdf.doc), by Michiharu Kudo

Schedule

Following is the sub-committee conference call schedule. Call-in information is as follows:

• Tel: 512-225-3050 Access Code: 65998
• Sponsor: Conference Call Unlimited, Inc.

Conference call starts at 4PM US Eastern time from 29 October. Other time zones:

• 4PM-6PM US Eastern
• 3PM-5PM US Central
• 1PM-3PM US Pacific
• 6AM-8AM Tokyo, Japan
• 10PM-12PM Milan, Italy

Timezone converter: e.g. http://www.timezoneconverter.com/cgi-bin/tzc.tzc