Conference Paper

An object-oriented organizational model to support dynamic role-based access control in electronic commerce applications

Birkbeck Coll., London Univ.
DOI: 10.1109/HICSS.1999.773053
Conference: System Sciences, 1999. HICSS-32. Proceedings of the 32nd Annual Hawaii International Conference on, Volume: Track8
Source: DBLP

ABSTRACT Role-based access control (RBAC) provides flexibility to security
management over the traditional approach of using user and group
identifiers. In RBAC, access privileges are given to roles rather than
to individual users. Users acquire the corresponding permissions when
playing different roles. Roles can be defined simply as a label, but
such an approach lacks the support to allow users to automatically
change roles under different contexts; this static method also adds
administrative overheads in role assignment. In electronic commerce and
other cooperative computing environments, access to shared resources has
to be controlled in the context of the entire business process; it is
therefore necessary to model dynamic roles as a function of resource
attributes and contextual information. In this paper, an object-oriented
organizational model, OMM, is presented as an underlying model to
support dynamic role definition and role resolution in RBAC. The paper
describes the OMM reference model and shows how it can be applied
flexibly to capture the different classes of resources within a
corporation, and to maintain the complex and dynamic roles and
relationships between the resource objects. Administrative tools use the
role model in OMM to define security policies for role definition and
role assignment. At runtime, the resource manager queries the OMM system
to resolve roles in order to authorize any access attempts. Similarly,
cooperative computing software uses OMM to support task assignment and
access control to business processes. Contrary to traditional
approaches, OMM separates the organization model from the application
model; thus it allows independent and flexible role modeling to reflect
realistically a dynamic authorization subsystem in a rapidly changing
business world.

  • ABSTRACT: None of the classical access control models such as DAC, MAC, RBAC, TBAC or TMAC is fully satisfactory to model security policies that are not restricted to static permissions but also include contextual rules related to permissions, prohibitions, obligations and recommendations. This is typically the case of security policies that apply to the health care domain. We suggest a new model that provides solutions to specify such contextual security policies. This model, called organization based access control, is presented using a formal language based on first-order logic.
    Policies for Distributed Systems and Networks, 2003. Proceedings. POLICY 2003. IEEE 4th International Workshop on; 07/2003
  • ABSTRACT: Due to the correspondence between the role abstraction in Role-based Access Control (RBAC) and the notion of organizational positions, it seems easy to construct role hierarchies. This is, however, a misconception. This paper argues that, in order to reflect the functional requirements, a role hierarchy becomes very complex. In a bid to simplify the design of role hierarchies suitable for the expression of access control requirements in workflow systems, the paper proposes a "typed" role hierarchy. In a "typed" role hierarchy a role is of a specific type. The associations between different types of roles are limited by rules that govern the construction of a role hierarchy. This paper proposes a methodology to systematically construct a "typed" role hierarchy. Since the "typed" nature of the role hierarchy is only relevant during the construction of the role hierarchy, it can seamlessly be integrated into existing RBAC schemes that support the concept of role hierarchies.
    Computer Software and Applications Conference, 2001. COMPSAC 2001. 25th Annual International; 02/2001
  • ABSTRACT: Workflow systems bring a new technology available to organisations enabling them to support the computerised automation of their business processes. Regardless of full support from information technology, most business processes rely considerably on the human resources of the organisation. Within a workflow management system, the correct modelling of human resources is an important issue affecting the overall performance of the system. In this paper, modelling the resource manager for the human resources is mainly considered and a Petri net-based approach is proposed. The resulting model can be used for both qualitative analyses, e.g. checking the correctness of resource assignment, and quantitative analyses, e.g. performance evaluation of the system.
