(2010). Enabling Privacy-preserving Credential-based Access Control with XACML and SAML [conference presentation]. Retrieved from http://hdl.handle.net/10446/24974

Enabling Privacy-preserving Credential-based Access Control with XACML and SAML

PARABOSCHI, Stefano; VERDICCHIO, Mario
2010-01-01

Abstract

In this paper we describe extensions to the access control industry standards XACML and SAML to enable privacy-preserving and credential-based access control. Rather than assuming that an enforcement point knows all the requester's attributes, our extensions allow the requester to learn which attributes have to be revealed and which conditions must be satisfied, thereby making it possible to leverage the advantages of privacy-preserving technologies such as anonymous credentials. Moreover, our extensions follow a credential-based approach, i.e., attributes are regarded as being bundled together in credentials, and the policy can refer to attributes within specific credentials. In addition to defining language extensions, we also show how the XACML architecture and model of evaluating policies can be adapted to the credential-based setting, and we discuss the problems that such extensions entail. © 2010 IEEE.
2010
Ardagna, CLAUDIO AGOSTINO; DE CAPITANI DI VIMERCATI, Sabrina; Neven, Gregory; Paraboschi, Stefano; Preiss, FRANZ STEFAN; Samarati, Pierangela; Verdicc...

Aisberg ©2008 Library Services, Università degli studi di Bergamo | Terms of use

Use this identifier to cite or link to this document: https://hdl.handle.net/10446/24974
Citations
  • Scopus 23