Attribute-based Access Control (ABAC) is an access control model in which authorization for an action on a resource is determined by evaluating attributes of the subject, the resource (object) and the environment. The attributes are evaluated against boolean rules of varying complexity. ABAC rule languages are often based on serializable object modeling and schema languages, as in the case of XACML, which is based on XML Schema. XACML is an OASIS standard and is the current de facto standard for ABAC. While a JSON profile for XACML exists, it is simply a compatibility layer for using JSON in XACML, and it caters to the XML object model paradigm rather than the JSON object model paradigm. This research proposes JSON Schema as a modeling language that caters to the JSON object model paradigm and on which an ABAC rule language can be based. It goes on to demonstrate the viability of JSON Schema for the task by comparison against the features that XML Schema provides to XACML.
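To illustrate the idea in the abstract, the following added example (not taken from the paper, whose rule language is not shown on this page) treats a JSON Schema as an ABAC rule and an access request as the JSON document validated against it. The attribute names, the rule, the request and the small schema-subset evaluator are all assumptions made for the illustration.

```python
import re
TYPES = {"object": dict, "string": str, "number": (int, float)}

def matches(schema, value):
    """True if value satisfies schema (subset: type, enum, pattern, minimum, maximum, required, properties, not)."""
    t = schema.get("type")
    is_num = isinstance(value, (int, float)) and not isinstance(value, bool)
    if t and not (is_num if t == "number" else isinstance(value, TYPES[t])):
        return False
    if "enum" in schema and value not in schema["enum"]:
        return False
    if isinstance(value, str) and not re.search(schema.get("pattern", ""), value):
        return False
    if is_num and not (schema.get("minimum", value) <= value <= schema.get("maximum", value)):
        return False
    if isinstance(value, dict):
        # An absent property passes "properties"; only "required" forces presence.
        if any(k not in value for k in schema.get("required", [])):
            return False
        for k, sub in schema.get("properties", {}).items():
            if k in value and not matches(sub, value[k]):
                return False
    if "not" in schema and matches(schema["not"], value):
        return False
    return True

def obj(props):
    """Object schema in which every listed attribute must be present."""
    return {"type": "object", "required": list(props), "properties": props}

# Constructed rule over subject, action, resource and environment attributes.
RULE = obj({
    "subject": obj({"role": {"enum": ["netadmin", "engineer"]}}),
    "action": {"enum": ["read", "write"]},
    "resource": obj({"path": {"type": "string", "pattern": "^/configs/"},
                     "classification": {"not": {"enum": ["secret"]}}}),
    "environment": obj({"hour": {"type": "number", "minimum": 8, "maximum": 17}}),
})
# Same rule with "environment" no longer required: a request omitting it passes.
LAX_RULE = dict(RULE, required=["subject", "action", "resource"])

def decide(rule, request):
    """Default deny: Permit only when the request validates against the rule."""
    return "Permit" if matches(rule, request) else "Deny"

# Constructed sample request.
REQUEST = {"subject": {"role": "engineer"}, "action": "read",
           "resource": {"path": "/configs/router1", "classification": "internal"},
           "environment": {"hour": 10}}
```

Because JSON Schema's `properties` keyword does not require a property to exist, a rule written this way should list every attribute it tests under `required`, otherwise an omitted attribute satisfies the rule vacuously.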
Reference:
Linklater, G. et al. 2017. JSON Schema for Attribute-based Access Control for Network Resource Security. Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, 3-10 September 2017, Freedom of the Sea, Royal Caribbean International, Barcelona, Spain
Linklater, G., Smith, C., Connan, J., Herbert, A., & Irwin, B. V. (2017). JSON Schema for Attribute-based Access Control for Network Resource Security. SATNAC. http://hdl.handle.net/10204/9820
Paper presented at the Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, 3-10 September 2017, Freedom of the Sea, Royal Caribbean International, Barcelona, Spain