Supporting Relationships in Access Control Using Role Based Access Control

John Barkley ; Konstantin Beznosov ; Jinny Uppal ; John Barkley ; Konstantin Beznosov ; Jinny Uppal

16 October 2005

Abstract: The Role Based Access Control (RBAC) model and mechanism have proven to be useful and effective. This is clear from the many RBAC implementations in commercial products. However, there are many common examples where access decisions must include other factors, in particular, relationships between entities, such as, the user, the object to be accessed, and the subject of the information contained within the object. Such relationships are often not efficiently represented using traditional static security attributes centrally administered. Furthermore, the extension of RBAC models to include relationships obscures the fundamental RBAC metaphor. This paper furthers the concept of relationships for use in access control, and it shows how relationships can be supported in role based access decisions by using the Object Management Group’s (OMG) Resource Access Decision facility (RAD). This facility allows relationship information, which can dynamically change as part of normal application processing, to be used in access decisions by applications. By using RAD, the access decision logic is separate from application logic. In addition, RAD allows access decision logic from different models to be combined into a single access decision. Each access control model is thus able to retain its metaphor.

Keyword(s): Rel-BAC ; RAD ; RBAC ; CORBA Security ; CORBA ; Access Control Models and Languages

Published in: Proceedings of the Fourth ACM Workshop on Role-Based Access Control, Fairfax, Virginia, USA: (October, 1999) pp. 55-65

The record appears in these collections:
Access Control Models and Languages
Refereed Conference Papers

 Record created 2009-04-27, last modified 2013-05-22

Transfer from CDS 0.99.7:
Download fulltext

Rate this document:

Rate this document:
(Not yet reviewed)