Constrained Delegation in XML-based Access Control and Digital Rights Management Standards

G. Navarro (Spain), B.S. Firozabadi, E. Rissanen (Sweden), and J. Borrell (Spain)


Delegation, Access Control, Digital Rights Management, SAML, XACML, XRML


In access control and digital rights management, delegation introduces the ability to decentralize the management of the privileges in a system. Constrained delegation presents a new approach to delegation, where the authority to create a permission and the permission itself are clearly differentiated. This allows the use of delegation for scenarios where one may have the authority to create a permission without having the permission for himself. In this paper we examine some of the most popular XML standards for access control and digital rights management, and how constrained delegation can be supported by them. Specifically, we take a look at the Secure Assertion Markup Language (SAML), the eXtensible Access Control Markup Language (XACML), and the eXtensible rights Markup Language (XrML).
