TY - GEN
T1 - Resolving Policy Conflicts - Integrating policies from multiple authors
AU - Fatema, Kaniz
AU - Chadwick, David
PY - 2014
Y1 - 2014
N2 - In this paper we show that the static conflict resolution strategy of XACML is not always sufficient to satisfy the policy needs of an organisation where multiple parties provide their own individual policies. Different conflict resolution strategies are often required for different situations. Thus combining one or more sets of policies into a single XACML ‘super policy’ that is evaluated by a single policy decision point (PDP) cannot always provide the correct authorisation decision, due to the static conflict resolution algorithms that have to be built in. We therefore propose a dynamic conflict resolution strategy that chooses different conflict resolution algorithms based on the authorisation request context. The proposed system receives individual and independent policies, as well as conflict resolution rules, from different policy authors, but instead of combining these into one super policy with static conflict resolution rules, each policy is evaluated separately and the conflicts among their authorisation decisions are dynamically resolved using the conflict resolution algorithm that best matches the authorisation decision request. It further combines the obligations of independent policies returning similar decisions which XACML can’t do while keeping each author’s policy intact.
AB - In this paper we show that the static conflict resolution strategy of XACML is not always sufficient to satisfy the policy needs of an organisation where multiple parties provide their own individual policies. Different conflict resolution strategies are often required for different situations. Thus combining one or more sets of policies into a single XACML ‘super policy’ that is evaluated by a single policy decision point (PDP) cannot always provide the correct authorisation decision, due to the static conflict resolution algorithms that have to be built in. We therefore propose a dynamic conflict resolution strategy that chooses different conflict resolution algorithms based on the authorisation request context. The proposed system receives individual and independent policies, as well as conflict resolution rules, from different policy authors, but instead of combining these into one super policy with static conflict resolution rules, each policy is evaluated separately and the conflicts among their authorisation decisions are dynamically resolved using the conflict resolution algorithm that best matches the authorisation decision request. It further combines the obligations of independent policies returning similar decisions which XACML can’t do while keeping each author’s policy intact.
UR - https://link.springer.com/chapter/10.1007/978-3-319-07869-4_29
U2 - 10.1007/978-3-319-07869-4_29
DO - 10.1007/978-3-319-07869-4_29
M3 - Conference publication
SN - 978-3-319-07868-7
T3 - Lecture Notes in Business Information Processing
SP - 310
EP - 321
BT - The 4th International Workshop on Information Systems Security Engineering WISSE’14
PB - Springer
ER -