Open Access Open Access  Restricted Access Subscription or Fee Access

SpatioTemporal RBAC Profile for XACML

A. A. Abd El-Aziz, A. Kannan


XACML (extensible Access Control Markup Language) is an open standard language based on XML. It’s the de facto language designed to describe the security policy and the access permission of network service, digital rights management and enterprise security applications information. RBAC profile of XACML is used to express policies that use role based access control. However, RBAC access decision is not influenced by the spatiotemporal context of both the subjects and the objects in the system. In this paper, we extend this profile with spatiotemporal RBAC profile. It incorporates different constraints dependent on spatiotemporal conditions. The spatiotemporal conditions allow to enhance the access control of XACML by specifying a wide variety of spatiotemporal access control policies. The extension facilitates the administration by providing a convenient and efficient way of managing access control policies.


XACML, RBAC, Access Control, Spatiotempo- Ral Policy

Full Text:



M. Aburahma and R. Stumptner. Modeling Location Attributes Using XACML-RBAC Model. In Proceedings of the 7th International Con- ference on Advances in Mobile Computing and Multimedia, pages 251 – 254, 2009.

S. Aich, S. Mondal, S. Sural, and A. K. Majumdar. Role based access control with spatiotemporal context for mobile applications. In Proceedings of Springer Transactions on Computational Science, 4:177 199, 2009.

S. Aich, S. Sural, and A. K. STARBAC. Spatiotemporal role based access control. In Proceedings of Information Security Conference, LNCS, Springer-Verlag, page 1567 1582, Nov., 2007.

C. A. Ardagna, E. Damianic, S. D. C. d. Vimercati, and P. Samarati. XML Security. In Proceedings of Data-Centric Systems and Applica- tions, Security, Privacy, and Trust in Modern Data Management, Part II, pages 71 – 86, 2007.

Core and OASIS Standard Hierarchical Role Based Access Con- trol (RBAC) Profile of XACML v2.0. xacml/2.0/access control-xacml-2.0-rbac-profile1-spec-os.pdf. 2005.

M. V. Covington, W. Long, S. Srinivasan, A.K. Dey, M. Ahamad, and G. D. Abowd. Securing context-aware applications using environment roles. In Proceedings of ACM Symposium on Access Control Models and Technologies, pages 10 – 20, 2001.

M. Decker. Requirements for a location-based access control model. In Proceedings of the 6th International Conference on Advances in Mobile Computing and Multimedia, New York, NY, USA, page 346 349, 2008.

eXtensible Access Control Markup Language (XACML) Ver- sion 3.0. OASIS Standard, 22 Jan., 2013, http://docs.oasis-

J. Joshi, E. Bertino, U. Latif, and A. Ghafoor. A generalized temporal role-based access control model. IEEE Transactions on Knowledge and Data Engineering, 17(1):4 – 23, Jan., 2005.

S. Mondal and S. Sural. XML-Based Policy Specification Framework for Spatiotemporal Access Control. In Proceedings of the 2nd international conference on Security of information and networks, pages 98 – 103, 6-10 Oct., 2009.

I. Ray and M. Toahchoodee. A spatiotemporal role based access control model. In Proceedings of In 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security, page 211 226, July, 2007.

A. Samuel, A. Ghafoor, and E. A. Bertino. framework for specifcation and verification of generalized spatio-temporal role based access control model. In Proceedings of CERIAS Tech Report, Purdue University, West Lafayette, page 143 168, August, 2007.

R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role- based access control models. IEEE Computer, 29(2):38 – 47, 1996.

Sun’s XACML. Implementation Programmer’s Guide for Sun’s XACML Version 1.2, July 11, 2004 guide.htm.


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.