Statistics & Clustering Based Framework for Efficient XACML Policy Evaluation

The adoption of XACML as the standard for specifying access control policies for various applications, especially web services is vastly increasing. A policy evaluation engine can easily become a bottleneck when enforcing large policies. In this paper, the authors propose an adaptive approach for XACML policy optimization. They proposed a clustering technique that categorizes policies and rules within a policy set and policy respectively in respect to target subjects. Furthermore, they propose a usage based framework that computes access request statistics to dynamically optimize the ordering of policies within a policy set and rules within a policy. Reordering is applied to categorized policies and rules from their proposed clustering technique.