Abstract

The rapidly increasing use of graph databases for a wide variety of applications demands flexible authorization and fine-grained access control, not only at the level of attributes associated with the basic entities (i.e., the accessing subject, requested resource, performed action, and environmental conditions) but also at the level of the vertices and edges along a particular access path. We present a solution for authorization policy specification and enforcement in a graph database that applies fine-grained, path-specific constraints to graph-structured data. To this end, we extend the well-established declarative policy definition language eXtensible Access Control Markup Language (XACML) and its architecture to describe path patterns, and we enforce the policies using the standard functional components of XACML. Our approach, XACML for Graph-structured data (XACML4G), defines an extended XACML grammar for the authorization policy and access request. To enforce XACML4G policies, we relied on the extensibility points of the XACML architecture and added proprietary extensions. We show the significance of our approach by means of a demonstration prototype in the university domain. Finally, we provide an initial evaluation of the expressiveness and performance of XACML4G with regard to XACML.
