Popis: |
Sensitive information is increasingly becoming more accessible. Access control is a mechanism that is widely used to protect such information. Extensible Access Control Markup Language (XACML) is one of the most prominent access control policy languages. The XACML core specification defines an entity called the policy decision point (PDP) for evaluating policies to make a decision on incoming access requests. The problem is that this process is performed for one resource at a time. This hinders system performance greatly, especially in ubiquitous applications where performance is critical. We propose a mechanism for reducing the overhead performance costs when multiple resources are requested (i.e. the entire hierarchical or entire sub-hierarchical document) by applying the post-condition concept, in the form of "transformations" (as defined in the Common Policy), to filter the requested document. |