Research Article
Towards a Secure and Borderless Collaboration between Organizations: An Automated Enforcement Mechanism
| Input: XACML document | | Forall attribute categories do | | Forall Policy elements do | | evaluate rulesnumber of current policy; | | If rulesnumber ≥ 2 then //policy with one rule does not need optimization | | For i=1 to rulesnumber do | | parse Target of rule i; | | If Target designates current attribute category then | | CurrentValue:=value(attribute category); | | combinedRules:= rule i; | | For j=i+1 to rulesnumber do | | parse Target of rule j; | | If value(attribute category)= CurrentValue then | | combinedRules:= rule j; | | If length(combinedRules) ≥ 2 then | | If length(combinedRules) = rulesnumber then | | alter Target of current Policy element; | | alter combinedRules Targets; | | Else | | create sibling policy with Target designating CurrentValue for attr category; | | alter combinedRules Targets; | | move combinedRules to the new sibling policy; |
|
