The rapid growth of location-based applications and of geographic or large-scale information systems has created a demand for strict control of data access, which requires specifying and enforcing fine-grained policies with a variety of context-aware spatial and temporal restrictions. Moreover, the interoperable use of distributed and heterogeneous data, such as data sharing, data integration or data exchange between different organizations, has driven the development of access control mechanisms that use XML to enforce security rules and policies in accordance with international standards. In this paper, we propose an extension of XACML called the X-STROWL model: a generalized context-aware role-based access control (RBAC) model that supports spatio-temporal restrictions and conforms to the NIST standard for RBAC. To this end, the XACML architecture is augmented with new functions and data types, and policies are reorganized to conform to the NIST standard. Furthermore, a set of conditions aimed at a particular circumstance can be generalized into a context profile and referenced in the access control policies. The model also integrates the OWL ontology for semantic reasoning over hierarchical roles, which simplifies the specification of access control policies and increases the intelligence of the authorization decision engine.
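To make the three ideas in the abstract concrete (hierarchical roles whose permissions are inherited transitively, spatio-temporal restrictions, and a named context profile that bundles such restrictions for reuse across rules), here is an added illustration in Python. It is not the paper's X-STROWL implementation and not XACML: the role names, resources, coordinates and time windows are constructed, the spatial check is a plain bounding box where a real deployment would use geometries, the role closure is computed by a small graph walk standing in for what an OWL reasoner would infer from the declared role hierarchy, and rules are combined with a deny-overrides policy.

```python
from dataclasses import dataclass
from datetime import time
from typing import Dict, FrozenSet, List, Set, Tuple

# Senior role -> junior roles it directly inherits from (NIST hierarchical RBAC).
# All names below are constructed for this illustration.
SENIOR_TO_JUNIOR: Dict[str, Set[str]] = {
    "chief_physician": {"physician"},
    "physician": {"staff"},
    "staff": set(),
}


def inherited_roles(role: str, hierarchy: Dict[str, Set[str]]) -> FrozenSet[str]:
    """Transitive closure of the role hierarchy: the role itself plus every
    junior role it inherits. This is the set an ontology reasoner would derive
    from the directly declared relations."""
    seen: Set[str] = set()
    stack = [role]
    while stack:
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        stack.extend(hierarchy.get(r, set()))
    return frozenset(seen)


@dataclass(frozen=True)
class ContextProfile:
    """A named bundle of spatio-temporal conditions that rules refer to by name."""
    name: str
    start: time
    end: time
    bbox: Tuple[float, float, float, float]  # (min_lat, min_lon, max_lat, max_lon)

    def matches(self, now: time, lat: float, lon: float) -> bool:
        min_lat, min_lon, max_lat, max_lon = self.bbox
        in_time = self.start <= now <= self.end
        in_space = min_lat <= lat <= max_lat and min_lon <= lon <= max_lon
        return in_time and in_space


@dataclass(frozen=True)
class Rule:
    role: str       # role the permission is assigned to
    resource: str
    action: str
    profile: str    # ContextProfile that must hold for the rule to apply
    effect: str     # "Permit" or "Deny"


@dataclass(frozen=True)
class Request:
    roles: FrozenSet[str]   # roles activated in the requester's session
    resource: str
    action: str
    now: time
    lat: float
    lon: float


def decide(req: Request, rules: List[Rule], profiles: Dict[str, ContextProfile],
           hierarchy: Dict[str, Set[str]]) -> str:
    """Deny-overrides combining: any applicable Deny wins; otherwise Permit if
    any rule permits; otherwise NotApplicable (no rule matched)."""
    effective: Set[str] = set()
    for r in req.roles:
        effective |= inherited_roles(r, hierarchy)  # senior roles gain junior permissions
    decision = "NotApplicable"
    for rule in rules:
        if rule.role not in effective:
            continue
        if rule.resource != req.resource or rule.action != req.action:
            continue
        if not profiles[rule.profile].matches(req.now, req.lat, req.lon):
            continue
        if rule.effect == "Deny":
            return "Deny"
        decision = "Permit"
    return decision


# Constructed sample policy: reads and exports are allowed on the ward during
# working hours; exports are denied to every staff member everywhere, and that
# denial is inherited upward through the hierarchy.
PROFILES = {
    "ward_hours": ContextProfile("ward_hours", time(8, 0), time(18, 0),
                                 (10.76, 106.68, 10.78, 106.70)),
    "anywhere_anytime": ContextProfile("anywhere_anytime", time(0, 0), time(23, 59, 59),
                                       (-90.0, -180.0, 90.0, 180.0)),
}
RULES = [
    Rule("physician", "patient_record", "read", "ward_hours", "Permit"),
    Rule("physician", "patient_record", "export", "ward_hours", "Permit"),
    Rule("staff", "patient_record", "export", "anywhere_anytime", "Deny"),
]


def evaluate(roles: Set[str], action: str, hour: int, lat: float, lon: float) -> str:
    """Convenience wrapper: decide a request on 'patient_record' at the given hour."""
    req = Request(frozenset(roles), "patient_record", action, time(hour, 0), lat, lon)
    return decide(req, RULES, PROFILES, SENIOR_TO_JUNIOR)


if __name__ == "__main__":
    print(evaluate({"chief_physician"}, "read", 10, 10.77, 106.69))    # Permit
    print(evaluate({"chief_physician"}, "read", 22, 10.77, 106.69))    # NotApplicable
    print(evaluate({"chief_physician"}, "export", 10, 10.77, 106.69))  # Deny
```

The third call shows why the combining algorithm matters in a hierarchical model: the chief physician inherits the physician's export permission, but also inherits the staff-level denial, and deny-overrides lets the broader restriction win. A context profile evaluated once per rule, rather than conditions copied into every rule, is what keeps the policy set small when the same time window and region apply to many permissions.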