Using Attribute-Based Access Control to Enable Attribute-Based Messaging

Rakesh Bobba
University of Illinois
USA

Omid Fatemieh
University of Illinois
USA

Fariba Khan
University of Illinois
USA

Carl Gunter
University of Illinois
USA

Himanshu Khurana
University of Illinois
USA

Attribute Based Messaging (ABM) enables message senders to dynamically create a list of recipients based on their attributes an inferred from an enterprise database. Such targeted messaging can reduce unnecessary communications and enhance privacy, but faces challenges in access control. In this paper we explore an approach to ABM based on deriving access control information from the same attribute database exploited by the addressing scheme. We show how to address
three key challenges. First, we demonstrate a manageable access control system based on attributes. Second we show how this can be used with existing messaging systems to provide a practical deployment strategy. Third, we show that such a system can be efficient enough to support ABM for mid-size enterprises. Our implementation can dispatch ABM messages approved by XACML review for an enterprise of at least 60,000 users with only seconds of latency.

Keywords: Attribute-Based Access Control, Attribute-Based Messaging

Read Paper Read Paper (in PDF)