Modelling emergency response communities using RBAC principles

One of the main design challenges of any Emergency Management System (EMS) is the diversity of users and responsibilities that must be considered. Modelling the access capabilities of different communities of users is a relevant concern for which the RBAC (Role-Based Access Control) paradigm provides flexible and powerful constructs. In this paper we describe how we used an RBAC meta-model to specify at different levels of abstraction the access policy of a specific EMS called ARCE (“Aplicacion en Red para Casos de Emergencia”). This approach has made it possible to face access modelling at earlier development stages, so that stakeholders got involved in analytical and empirical evaluations to test the correctness and effectiveness of the access policy. Moreover, since the RBAC meta-model is embedded into a web engineering method, we put into practice a holistic process which addresses different design perspectives (structure, navigation, presentation, interaction and access) in an integrated way.