Abstract

To protect the security and privacy of sensitive digital information, it is often necessary to employ a variety of security mechanisms such as encryption, integrity control, authentication, and access control. This paper describes a framework that extends eXtensible Access Control Markup Language (XACML) for use as a container for embedding access control policy with the digital content in the same XACML document. The digital content can be further divided into multiple parts, each of which is encapsulated by its own access control policy. This integrated XACML policy and content document is further protected by using XML Encryption (XML-ENC) and XML Signature (XML-DSIG) mechanisms, as well as XML Key Management Specification (XKMS) for leveraging Public Key Infrastructure (PKI), all in support of the embedded and fine-grained structure. This framework and associated security mechanisms are designed primarily to facilitate the protection and sharing of sensitive information in transit and at rest, within and across organizational boundaries. This paper also describes a prototype implementation of the framework for feasibility study purpose.

Full Text

Published Version

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.