Extended XACML Language and Architecture for Access Control in Graph-structured Data
Language of the presentation title:
English
Original conference title:
The 23rd International Conference on Information Integration and Web Intelligence (iiWAS 2021)
Language of the conference title:
English
Original abstract:
The rapidly increasing use of graph databases for a wide
variety of applications demands flexible authorization and
fine-grained access control at the level not only of attributes associated
with the basic entities (i.e., accessing subject, requested
resource, performed action, and environmental conditions)
but also the vertices and edges along a particular access path.
We present a solution for authorization policy specification
and enforcement in a graph database to apply fine-grained
path-specific constraints on graph-structured data. To this end,
we extend the well-established declarative policy definition
language eXtensible Access Control Markup Language
(XACML) and its architecture to describe path patterns and
enforce the policies using the standard functional components
of XACML. Our approach, XACML for Graph-structured
data (XACML4G), defines an extended XACML grammar
for the authorization policy and access request. To enforce
XACML4G policies, we relied on the possible extensibility
points of XACML architecture and added proprietary extensions.
We show the significance of our approach by means of
a demonstration prototype in the university domain. Finally,
we provide an initial evaluation of the expressiveness and
performance of XACML4G with regard to XACML.