{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T02:50:02Z","timestamp":1761706202084},"reference-count":34,"publisher":"Association for Computing Machinery (ACM)","issue":"2","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2005,5]]},"abstract":"<jats:p>Modern day enterprises exhibit a growing trend toward adoption of enterprise computing services for efficient resource utilization, scalability, and flexibility. These environments are characterized by heterogeneous, distributed computing systems exchanging enormous volumes of time-critical data with varying levels of access control in a dynamic business environment. The enterprises are thus faced with significant challenges as they endeavor to achieve their primary goals, and simultaneously ensure enterprise-wide secure interoperation among the various collaborating entities. Key among these challenges are providing effective mechanism for enforcement of enterprise policy across distributed domains, ensuring secure content-based access to enterprise resources at all user levels, and allowing the specification of temporal and nontemporal context conditions to support fine-grained dynamic access control. In this paper, we investigate these challenges, and present X-GTRBAC, an XML-based GTRBAC policy specification language and its implementation for enforcing enterprise-wide access control. Our specification language is based on the GTRBAC model that incorporates the content- and context-aware dynamic access control requirements of an enterprise. An X-GTRBAC system has been implemented as a Java application. We discuss the salient features of the specification language, and present the software architecture of our system. 
A comprehensive example is included to discuss and motivate the applicability of the X-GTRBAC framework to a generic enterprise environment. An application level interface for implementing the policy in the X-GTRBAC system is also provided to consolidate the ideas presented in the paper.<\/jats:p>","DOI":"10.1145\/1065545.1065547","type":"journal-article","created":{"date-parts":[[2005,8,3]],"date-time":"2005-08-03T08:30:55Z","timestamp":1123057855000},"page":"187-227","update-policy":"http:\/\/dx.doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":92,"title":["X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control"],"prefix":"10.1145","volume":"8","author":[{"given":"Rafae","family":"Bhatti","sequence":"first","affiliation":[{"name":"Purdue University, West Lafayette, IN"}]},{"given":"Arif","family":"Ghafoor","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN"}]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN"}]},{"given":"James B. 
D.","family":"Joshi","sequence":"additional","affiliation":[{"name":"University of Pittsburgh, Pittsburgh, PA"}]}],"member":"320","published-online":{"date-parts":[[2005,5]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/581271.581276"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/293910.293151"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501979"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/4236.935172"},{"key":"e_1_2_1_5_1","volume-title":"Workshop on Web Information and Data Management","author":"Bertino E.","year":"1975"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/300830.300837"},{"key":"e_1_2_1_8_1","first-page":"2004","article-title":"Towards Improved Federated Identity and Privilege Management in Open Systems","author":"Bhatti R.","year":"2004","journal-title":"CERIAS Technical Report"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2004.1297300"},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the 9th ACM Symposium on Access Control Models and Technologies","author":"Bhatti R."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/300830.300834"},{"key":"e_1_2_1_12_1","volume-title":"Proceedings of NISTNCSC National Computer Security Conference","author":"Ferraiolo D. F."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"key":"e_1_2_1_14_1","volume-title":"Proceedings of the 5th ACM Workshop on Role-Based Control","author":"Ferraiolo D."},{"key":"e_1_2_1_15_1","volume-title":"Proceedings of the 3rd ACM Workshop on Role-Based Access Control","author":"Gavrila S. I."},{"key":"e_1_2_1_16_1","unstructured":"IBM. Why XML schema beats DTDs hands-down for data. http:\/\/www-106.ibm.com\/developerworks\/xml\/library\/x-sbsch.html."},
{"key":"e_1_2_1_17_1","unstructured":"IIES. Purdue reference model for computer integrated manufacturing. http:\/\/iies.www.ecn.purdue.edu\/IIES\/PLAIC\/PERA\/ReferenceModel\/index.html."},{"key":"e_1_2_1_18_1","unstructured":"ISO. 1986. Standard Generalized Markup Language (SGML). ISO 8879. Information Processing---Text and Office Systems---Standard Generalized Markup Language (SGML)."},{"key":"e_1_2_1_19_1","unstructured":"Java Commerce. XML tutorial. http:\/\/www.javacommerce.com\/tutorial\/xmlj\/intro.htm."},{"key":"e_1_2_1_20_1","unstructured":"Jtenenbg. Overview of enterprise computing. http:\/\/faculty.washington.edu\/jtenenbg\/courses\/455\/s02\/sessions\/ec_overview.ppt."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2005.1"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.970579"},{"key":"e_1_2_1_23_1","volume-title":"Annual Computer Security Applications Conference","author":"Kern A.","year":"2002"},{"key":"e_1_2_1_24_1","volume-title":"Proceedings of 1st International Conference on Information and Knowledge Management","author":"Niezette M."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/354876.354878"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"e_1_2_1_27_1","volume-title":"Symposium on Applied Computing","author":"Vuong N. 
N."},{"key":"e_1_2_1_28_1","unstructured":"W3SOAP. Simple object access protocol (SOAP) 1.1. http:\/\/www.w3.org\/TR\/SOAP\/."},{"key":"e_1_2_1_29_1","unstructured":"W3. W3C XML schema. www.w3.org\/XML\/Schema."},{"key":"e_1_2_1_30_1","unstructured":"Web Reference. Web services XML's role. http:\/\/www.webreference.com\/js\/tips\/011028.html."},{"key":"e_1_2_1_31_1","unstructured":"XML. 2000. eXtensible Markup Language (XML) 1.0 (Second). W3C Recommendation 6 October 2000. http:\/\/www.w3.org\/TR\/REC-xml."},{"key":"e_1_2_1_32_1","unstructured":"XML Coverpages. 2003a. XACML 1.0 specification. http:\/\/xml.coverpages.org\/ni2003-02-11-a.html."},{"key":"e_1_2_1_33_1","unstructured":"XML Coverpages. 2003b. SAML 1.0 specification. http:\/\/xml.coverpages.org\/ni2003-05-27-b.html."},{"key":"e_1_2_1_34_1","unstructured":"XML Coverpages. 2004. OASIS RBAC announcement. http:\/\/xml.coverpages.org\/ni2004-04-05-a.html."},{"key":"e_1_2_1_35_1","unstructured":"XPath. 2002. XML Path Language (XPath) 2.0. Working Draft 16 August 2002. http:\/\/www.w3.org\/TR\/xpath20\/."}],
"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1065545.1065547","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,28]],"date-time":"2022-12-28T15:55:01Z","timestamp":1672242901000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1065545.1065547"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,5]]},"references-count":34,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2005,5]]}},"alternative-id":["10.1145\/1065545.1065547"],"URL":"https:\/\/doi.org\/10.1145\/1065545.1065547","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2005,5]]},"assertion":[{"value":"2005-05-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}