Science & Engineering Research Support soCiety (SERSC)
Security services are provided through: the applications, operating systems, databases and the network. There are many proposals to use policies to define, implement and evaluate security services. The authors discussed a full test automation framework to test XACML (the eXtensible Access Control Markup Language) based policies. Using policies as input the developed tool can generate test cases based on the policy and the general XACML model. They evaluated a large dataset of policy implementations. The collection includes more than 200 test cases that represent instances of policies. Policies are executed and verified, using requests and responses generated for each instance of policies.