000000083 001__ 83
000000083 005__ 20130522141942.0
000000083 037__ $$aLERSSE-RefConfPaper-2005-014
000000083 041__ $$aeng
000000083 100__ $$aJohn Barkley
000000083 100__ $$aKonstantin Beznosov
000000083 100__ $$aJinny Uppal
000000083 100__ $$aJohn Barkley
000000083 100__ $$aKonstantin Beznosov
000000083 100__ $$aJinny Uppal
000000083 245__ $$aSupporting Relationships in Access Control Using Role Based Access Control
000000083 260__ $$c2005-10-16
000000083 520__ $$aThe Role Based Access Control (RBAC) model and mechanism have proven to be useful and effective. This is clear from the many RBAC implementations in commercial products. However, there are many common examples where access decisions must include other factors, in particular, relationships between entities, such as, the user, the object to be accessed, and the subject of the information contained within the object. Such relationships are often not efficiently represented using traditional static security attributes centrally administered. Furthermore, the extension of RBAC models to include relationships obscures the fundamental RBAC metaphor. This paper furthers the concept of relationships for use in access control, and it shows how relationships can be supported in role based access decisions by using the Object Management Group’s (OMG) Resource Access Decision facility (RAD). This facility allows relationship information, which can dynamically change as part of normal application processing, to be used in access decisions by applications. By using RAD, the access decision logic is separate from application logic. In addition, RAD allows access decision logic from different models to be combined into a single access decision. Each access control model is thus able to retain its metaphor.
000000083 6531_ $$aRel-BAC
000000083 6531_ $$aRAD
000000083 6531_ $$aRBAC
000000083 6531_ $$aCORBA Security
000000083 6531_ $$aCORBA
000000083 6531_ $$aAccess Control Models and Languages
000000083 8560_ $$fqiangw@ece.ubc.ca
000000083 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/83/files/83.pdf$$yTransfer from CDS 0.99.7
000000083 909C4 $$c55-65$$pProceedings of the Fourth ACM Workshop on
						Role-Based Access Control, Fairfax, Virginia, USA$$yOctober, 1999
000000083 980__ $$aRefConfPaper