A role-based access control model and reference implementation within a corporate intranet
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
RBAC on the Web by smart certificates
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
RBAC on the Web by Secure Cookies
Proceedings of the IFIP WG 11.3 Thirteenth International Conference on Database Security: Research Advances in Database and Information Systems Security
ICICS '97 Proceedings of the First International Conference on Information and Communication Security
Efficient Identification and Signatures for Smart Cards
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Role-Based Access Control
Role activation management in role based access control
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
| Hi-index | 0.00 |
Role Based Access Control (RBAC) [3] is a popular approach to specify and enforce security policies in organizations. In large enterprise systems, the number of users, roles and permissions can be in hundreds or thousands and the security management can be a tedious task. One way to simplify the security management in RBAC is to allow the specification and the enforcement of dynamic constraints to be decentralized [7]. In this paper, we discuss the issues for supporting secure role activation and authorization when the decentralized approach to role activation management is adopted. Secure protocols are proposed to handle the processes of role assignment, role activation and authorization.