Academic Paper

Idea: efficient evaluation of access control constraints
Document Type
Conference
Source
Proceedings of the Second international conference on Engineering Secure Software and Systems. :157-165
Subject
XACML
access control
distributed policy enforcement
Language
English
Abstract
Business requirements for modern enterprise systems usually comprise a variety of dynamic constraints, i.e., constraints that require a complex set of context information only available at runtime. Thus, the efficient evaluation of dynamic constraints, e.g., expressing separation of duties requirements, becomes an important factor for the overall performance of the access control enforcement. In distributed systems, e.g., based on the service-oriented architecture (SOA), the time for evaluating access control constraints depends significantly on the protocol between the central Policy Decision Point (PDP) and the distributed Policy Enforcement Points (PEPs). In this paper, we present a policy-driven approach for generating a customized protocol for the communication between the PDP and the PEPs. We provide a detailed comparison of several approaches for querying context information during the evaluation of access control constraints.
