The concepts and benefits of Role-Based Access Control (RBAC) are first reviewed. As an example of enhanced authorisation functionality, the Tees Confidentiality Model (TCM), which is an authorisation model suitable for complex web applications in addition to computer systems administration is then presented. The TCM is based on a range of permission types, called Confidentiality Permission Types, which are processed in a defined order. Confidentiality permissions may have negative values (i.e. they may deny access), and may be overridden by authorised users in carefully specified ways. An arbitrary number of Authorisation Classifiers for users and protected objects may be specified. Confidentiality Permission Types are defined in terms of classifiers. A single concept of Collection is used for structuring classifier values, including roles, although the RBAC general and limited role hierarchies can be used if desired. Confidentiality permissions specify inheritance within collections, thereby providing a mechanism for confidentiality permission assignment. A demanding scenario from electronic health records is used to illustrate the power of the model.
[1]
Mark Strembeck,et al.
An integrated approach to engineer and enforce context constraints in RBAC environments
,
2004,
TSEC.
[2]
Jean Bacon,et al.
A model of OASIS role-based access control and its support for active security
,
2002,
ACM Trans. Inf. Syst. Secur..
[3]
Ramaswamy Chandramouli,et al.
The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms
,
2001,
ACM Trans. Inf. Syst. Secur..
[4]
Sylvia L. Osborn,et al.
Modeling users in role-based access control
,
2000,
RBAC '00.