{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:41:43Z","timestamp":1750308103595,"version":"3.41.0"},"reference-count":16,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2005,5,15]],"date-time":"2005-05-15T00:00:00Z","timestamp":1116115200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGSOFT Softw. Eng. Notes"],"published-print":{"date-parts":[[2005,7]]},"abstract":"<jats:p>\n            In this paper we describe the eXtreme access control Tool (XacT) which provides an automated way to obtain access control information out of multi-layered applications. We believe that based on this information consistent access control policies can be specified to prevent over-privileged accounts. The main difficulty, that leads to these over-privileged accounts, comes from the distinction that must be made between identifying which users\n            <jats:italic>should<\/jats:italic>\n            perform a workflow task (resource management) and which users\n            <jats:italic>are allowed<\/jats:italic>\n            to perform a task (access control), as well as the fact that access control enforcement is typically spread over different layers in applications (e.g. database layer, operating system layer, workflow layer). In this paper, we present an automated way to obtain access control information out of multi-layered applications. 
We base our observations on recent insights into workflow controlled judicial information systems.\n          <\/jats:p>","DOI":"10.1145\/1082983.1083202","type":"journal-article","created":{"date-parts":[[2005,11,7]],"date-time":"2005-11-07T19:28:32Z","timestamp":1131391712000},"page":"1-7","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["XacT"],"prefix":"10.1145","volume":"30","author":[{"given":"Maarten","family":"Rits","sequence":"first","affiliation":[{"name":"SAP Research, Font de l'Orme, Mougins"}]},{"given":"Benjamin","family":"De Boe","sequence":"additional","affiliation":[{"name":"SAP Research, Font de l'Orme, Mougins"}]},{"given":"Andreas","family":"Schaad","sequence":"additional","affiliation":[{"name":"SAP Research, Font de l'Orme, Mougins"}]}],"member":"320","published-online":{"date-parts":[[2005,5,15]]},"reference":[{"volume-title":"Special Edition Using Enterprise JavaBeans 2.0","year":"2002","author":"Cavaness Chuck","key":"e_1_2_1_1_1"},{"volume-title":"Proc. of ECOOP","year":"2001","author":"Kiczales Gregor","key":"e_1_2_1_4_1"},{"volume-title":"Proc. of ECOOP","year":"1997","author":"Lopes Videira","key":"e_1_2_1_5_1"},{"volume-title":"KPMG International Canada","year":"1996","author":"Fraud Survey Reports KPMG","key":"e_1_2_1_6_1"},{"volume-title":"Pearson Education","year":"2002","author":"LaMacchia Brian A.","key":"e_1_2_1_7_1"},{"key":"e_1_2_1_8_1","unstructured":"Core and Hierarchical Role Based Access Control (RBAC) profile of XACML Version 2.0. Committee Draft 01 30 September 2004. 
OASIS Open."},{"volume-title":"March","year":"1999","author":"Minister Prime","key":"e_1_2_1_9_1"},{"volume-title":"International Conference Advances in Infrastructure for e-Business, e-Education, e-Science and e-Medecine on the internet.","year":"2002","author":"Rohrig S.","key":"e_1_2_1_10_1"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1066677.1066976"},{"volume-title":"Workshop on Aspect-Oriented Programming, ECOOP'03","year":"2003","author":"Schult Wolfgang","key":"e_1_2_1_13_1"},{"volume-title":"SANS Security Essentials. CISSP","year":"2001","author":"Smith Harry E.","key":"e_1_2_1_14_1"},{"key":"e_1_2_1_15_1","unstructured":"Enterprise JavaBeans Specification. Sun Microsystems. November 2003."},{"key":"e_1_2_1_16_1","unstructured":"Java Authentication and Authorization Service Reference Guide Sun Microsystems."},{"volume-title":"DAIS 2003","year":"2003","author":"Verhanneman Tine","key":"e_1_2_1_17_1"},{"key":"e_1_2_1_18_1","unstructured":"Web Services Architecture. W3C. 
February 2004."},{"volume-title":"Pia Ehrnlechner and Alfons Kemper Reliable and Adaptable Security Engineering for Database-Web Services Proceedings of the 4th International Conference on Web Engineering (ICWE 2004)","year":"2004","author":"Wimmer Martin","key":"e_1_2_1_19_1"}],"container-title":["ACM SIGSOFT Software Engineering Notes"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1082983.1083202","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1082983.1083202","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:08:05Z","timestamp":1750262885000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1082983.1083202"}},"subtitle":["a bridge between resource management and access control in multi-layered applications"],"short-title":[],"issued":{"date-parts":[[2005,5,15]]},"references-count":16,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2005,7]]}},"alternative-id":["10.1145\/1082983.1083202"],"URL":"https:\/\/doi.org\/10.1145\/1082983.1083202","relation":{"is-identical-to":[{"id-type":"doi","id":"10.1145\/1083200.1083202","asserted-by":"subject"}]},"ISSN":["0163-5948"],"issn-type":[{"type":"print","value":"0163-5948"}],"subject":[],"published":{"date-parts":[[2005,5,15]]},"assertion":[{"value":"2005-05-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}