Realization of FGAC Model using XACML Policy Specification

FGAC model has been adopted by enterprise applications, for the protection of their databases. Most of these deployments are not only limited in purpose but are dependent upon various other factors including query modification algorithms and software development languages. These factors have not only limited their applicability for distributed computing environments but have also affected their widespread adoption and acceptance. Moreover, due to the absence of standard FGAC profile specification, existing FGAC authorization techniques become unsuitable for advance applications such as web 2.0 and cannot be deployed across various platforms, thus fall short of flexibility and customizability. As a result, there is an increasing demand for standard based FGAC specification that could be easily fit into majority of computing environments. In this paper, we bring forth a policy specification (profile) for FGAC model. Our proposed specification is not restricted to database applications only; rather it is generic and flexible enough to be applied on every type of application. It explicates the ways in which organizations would be able to implement standard based fine-grained access control for nearly every application. We present the case-study - a realization of FGAC model based on the proposed policy specification followed by a complete dry-run of policy evaluation procedure.