Research Article
Towards a Secure and Borderless Collaboration between Organizations: An Automated Enforcement Mechanism
Input: XACML document | Forall attribute categories do | Forall Policy elements do | evaluate rulesnumber of current policy; | If rulesnumber ≥ 2 then //policy with one rule does not need optimization | For i=1 to rulesnumber do | parse Target of rule i; | If Target designates current attribute category then | CurrentValue:=value(attribute category); | combinedRules:= rule i; | For j=i+1 to rulesnumber do | parse Target of rule j; | If value(attribute category)= CurrentValue then | combinedRules:= rule j; | If length(combinedRules) ≥ 2 then | If length(combinedRules) = rulesnumber then | alter Target of current Policy element; | alter combinedRules Targets; | Else | create sibling policy with Target designating CurrentValue for attr category; | alter combinedRules Targets; | move combinedRules to the new sibling policy; |
|