Constraints are considered to be the principal motivation for RBAC model. XACML profile for RBAC can not meet the need of expressing static and dynamic RBAC constraints well. We give the XACML syntax of common static and dynamic Separation of Duty constraints and cardinality constraints of RBAC. We also complement Role Enablement Authority to extend this profile in order to enforce these constraints.
展开▼