Composing administrative scope of delegation policies based on extended XACML

XACML as a language of access policy and access context request based on attributes is widely accepted. Current XACML specification's main shortcoming is not considering delegation. A TC in OASIS proposed a draft about administrative policy, which extended XACML to describe delegation policies and stated how to process delegation policies in access decisions. In some cases, a supervisor may need to know administration authorities possessed by a manager who gets them through delegation policies. For providing such information, access control management systems should calculate total administration authority of a manager according to related delegation policies. Current XACML related works haven't addressed this topic. In this paper we define basic administrative scope and its simple XML schema, use a set of administrative scope representing administrative authority. Using these definitions, we formally describe the calculation of a manager's total administrative scope.