The validation of enterprise authorization specification for conformance to enterprise security policies requires an out-of-band framework in many situations since the enforcing access control mechanism does not provide this feature. In this paper we describe one such framework. The framework uses XML to encode the enterprise authorization specification, XML Schema to specify the underlying access control model (which in our case is the Role-based Access control Model (RBAC)) and Schematron language to encode the policy constraints. The conformance of the XML-encoded enterprise authorization specification to the structure of the RBAC model (specified through XML Schema) as well as the policy constaints (specified through Schematron) are verified through a Schematron Validator tool.
展开▼
