Role Activation Management in Role Based Access Control

Role Based Access Control (RBAC) [6] is a popular approach to specifying and enforcing security policies in organizations. In RBAC, users are not assigned permissions directly; roles serve as the intermediary between users and permissions. Role activation is one important component of RBAC: a user may activate a subset of his/her assigned roles in a session in order to exercise the permissions associated with those roles. This paper proposes a number of ways in which role activation constraints can be specified and enforced in the enterprise environment. An access control model and an authorization process are also proposed to support the specification and enforcement of dynamic separation of duty constraints in a decentralized manner.
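To make the mechanism described in the abstract concrete, the following is an added Python example (not code from the paper or from any implementation it describes) of a minimal RBAC core: users are assigned roles, roles carry permissions, and a session activates a subset of the user's assigned roles. Dynamic separation of duty is modelled as a constraint "a session may not activate n or more roles from this set", evaluated at activation time, so enforcement needs only the constraint set and the session state rather than a central authorization server. The class names, the `preparer`/`approver` roles and the permission names are assumptions chosen for illustration.

```python
"""Minimal RBAC core with role activation and dynamic separation of duty (DSoD).

Added example; the names below are illustrative assumptions, not the paper's.
"""
from dataclasses import dataclass, field


class ActivationError(Exception):
    """Raised when a session may not activate the requested role."""


@dataclass(frozen=True)
class DSoDConstraint:
    """A session may hold fewer than `n` roles from `roles` at the same time."""
    roles: frozenset
    n: int


@dataclass
class RBAC:
    """Policy store: user-role assignment, role-permission assignment, DSoD rules."""
    user_roles: dict = field(default_factory=dict)   # user -> set of assigned roles
    role_perms: dict = field(default_factory=dict)   # role -> set of permissions
    dsod: list = field(default_factory=list)         # list of DSoDConstraint

    def assign_role(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def grant(self, role: str, perm: str) -> None:
        self.role_perms.setdefault(role, set()).add(perm)

    def add_dsod(self, roles, n: int) -> None:
        if n < 2:
            raise ValueError("a DSoD constraint needs n >= 2")
        self.dsod.append(DSoDConstraint(frozenset(roles), n))


@dataclass
class Session:
    """One user's session; only *activated* roles grant permissions."""
    rbac: RBAC
    user: str
    active: set = field(default_factory=set)

    def activate(self, role: str) -> None:
        # Rule 1: a user may only activate roles that are assigned to them.
        if role not in self.rbac.user_roles.get(self.user, set()):
            raise ActivationError(f"{self.user} is not assigned role {role!r}")
        # Rule 2: the resulting active set must satisfy every DSoD constraint.
        # The check uses only the constraint list and this session's state,
        # so it can run wherever the session lives (decentralized enforcement).
        candidate = self.active | {role}
        for c in self.rbac.dsod:
            overlap = candidate & c.roles
            if len(overlap) >= c.n:
                raise ActivationError(
                    f"activating {role!r} would violate DSoD on {sorted(c.roles)} "
                    f"(would hold {sorted(overlap)}, limit is fewer than {c.n})"
                )
        self.active.add(role)

    def deactivate(self, role: str) -> None:
        self.active.discard(role)

    def permissions(self) -> set:
        """Permissions currently exercisable: union over *active* roles only."""
        perms = set()
        for role in self.active:
            perms |= self.rbac.role_perms.get(role, set())
        return perms

    def check(self, perm: str) -> bool:
        return perm in self.permissions()


def demo() -> list:
    """Constructed scenario: one user holds two roles that may not be active together."""
    rbac = RBAC()
    rbac.assign_role("alice", "preparer")
    rbac.assign_role("alice", "approver")
    rbac.grant("preparer", "prepare_payment")
    rbac.grant("approver", "approve_payment")
    rbac.add_dsod({"preparer", "approver"}, 2)

    log = []
    s = Session(rbac, "alice")
    s.activate("preparer")
    log.append(("prepare", s.check("prepare_payment")))   # True
    log.append(("approve", s.check("approve_payment")))   # False: role assigned but not active
    try:
        s.activate("approver")                            # blocked by DSoD
    except ActivationError as e:
        log.append(("dsod", str(e)))
    return log


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Note the distinction the example makes visible: `alice` is *assigned* both roles, but a permission is only granted while its role is *active* in the session, and the DSoD rule forbids both being active at once. Deactivating `preparer` first makes `approver` activatable again, which is exactly what separates dynamic from static separation of duty.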

[1] Ravi S. Sandhu et al. The ARBAC99 model for administration of roles, 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[2] Ravi S. Sandhu et al. A model for role administration using organization structure, 2002, SACMAT '02.

[3] Mary Ellen Zurko et al. Separation of duty in role-based environments, 1997, Proceedings 10th Computer Security Foundations Workshop.

[4] D. Richard Kuhn et al. A role-based access control model and reference implementation within a corporate intranet, 1999, TSEC.

[5] Ravi Sandhu et al. Transaction control expressions for separation of duties, 1988, Proceedings 1988 Fourth Aerospace Computer Security Applications Conference.

[6] Ravi S. Sandhu et al. Role activation hierarchies, 1998, RBAC '98.

[7] Ravi S. Sandhu et al. The NIST model for role-based access control: towards a unified standard, 2000, RBAC '00.

[8] Ravi S. Sandhu et al. RBAC on the Web by Secure Cookies, 1999, DBSec.

[9] Jadwiga Indulska et al. Dynamic policy model for large evolving enterprises, 2001, Proceedings Fifth IEEE International Enterprise Distributed Object Computing Conference.

[10] Najam Perwaiz. Structured management of role-permission relationships, 2001, SACMAT '01.

[11] Jan H. P. Eloff et al. Separation of duties for access control enforcement in workflow environments, 2001, IBM Syst. J.

[12] Elisa Bertino et al. X-gtrbac admin: A decentralized administration model for enterprise-wide access control, 2005.

[13] Jean Bacon et al. An Architecture for Distributed OASIS Services, 2000, Middleware.

[14] Ravi Sandhu et al. Push Architectures for User Role Assignment, 2000.

[15] Ramaswamy Chandramouli et al. Role-Based Access Control Features in Commercial Database Management Systems, 1998.