Explore chapters and articles related to this topic
RFID-Enabled Privacy-Preserving Video Surveillance: A Case Study
Published in Syed Ahson, Mohammad Ilyas, RFID Handbook, 2017
Jehan Wickramasuriya, Sharad Mehrotra, Nalini Venkatasubramanian
Security policies are specified using the eXtensible Access Control Markup Language (XACML) and are processed by an enforcement engine that provides mediated access to a database. XACML [4] is utilized to define the access policies as well as carry out enforcement on these policies. XACML is a standard, general-purpose access control policy language defined using XML. It is flexible enough to accommodate most system needs, so it may serve as a single interface to policies for multiple applications and environments. In addition to defining a policy language, XACML also specifies a request and response format for authorization decision requests, semantics for determining policy applicability, etc. (Figure 25.5). The components of the access control model are the video-based objects, the potential users, and modes of access that can be modeled as a traditional authorization rule of the form 〈s, o, m〉, where subject s is authorized to access object o under mode m, where the mode is associated with a particular privacy level. In the following section we give a general description of the type of policies supported by our system and then give specific examples of their specification in XACML. (A simple example of subject specification is shown in Figure 25.6.)
Flexible, decentralised access control for smart buildings with smart contracts
Published in Cyber-Physical Systems, 2022
Leepakshi Bindra, Kalvin Eng, Omid Ardakanian, Eleni Stroulia
Access control policies can be developed leveraging BIM. Skandhakumar et al. [14] provide a review of spatio-temporal access control models and propose an authorisation framework that involves (a) modelling of spatial data in BIM, (b) creation of access policies based on BIM, and (c) authorisation of these policies. In particular, the authors introduce ‘contains’, ‘connected’, ‘adjacent’, and ‘accessible’ relationships between building elements which are accounted for when reasoning about access policies. To capture the relationships between spaces in a building, BIM is transferred to a graph model in [15]. Despite the novelty of this model, it does not incorporate concepts such as sensors, actuators, and building subsystems which can be affected by people who are given access to the building spaces. To specify access control policies, the use of ‘eXtensible access control markup language’ (XACML) is proposed in [16]. XACML is a standard language for specifying and evaluating access requests. Our proposed smart contract solution is similar to XACML in that we separate authorisation across different services and provide a template smart contract to execute access requests.
Policy reconciliation for access control in dynamic cross-enterprise collaborations
Published in Enterprise Information Systems, 2018
D. Preuveneers, W. Joosen, E. Ilie-Zudor
A key advantage of our framework is that it separates the domain knowledge from the rule-based policies of XACML, which makes the reconciliation of attributes and relationships in cross-organizational authorization policies much easier. Subsets of users and/or objects that are otherwise part of the access rule definition are now declared separately, simplifying the definition of a policy towards a logical composition of permission triples. This is a key benefit compared to XACML-based ABAC policies for which it is not trivial to ascertain which policies apply for a given access request. The XACML specification incorporates dedicated language constructs (i.e. targets) to identify which policies and rules are relevant to compute an access control decision.