Three for one: role-based access-control management in rapidly changing heterogeneous environments

  • Authors:
  • Axel Mönkeberg; René Rakete

  • Affiliations:
  • Swiss Re, Mythenquai 50/60, CH-8022, Zurich; QualiFair AG, Mühlerain 35, 8706 Meilen

  • Venue:
  • RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
  • Year:
  • 2000

Abstract

We describe a maintenance tool for role-based access control (RBAC0, RBAC1 and RBAC2 [1]), implemented in a Swiss bank. The concept and implementation of the system are as far as possible independent of operating system and vendors. The tool supports the maintenance of the access-control interface to database systems, operating systems, web servers and application systems (e.g. workflow management systems [9], OLAP tools and analytic tools).

It is based on the principle of using a system-independent access-control specification language (ADL), a repository for static definitions and runtime data, a target-system-independent access-control command language (CDL) and a set of different target-system-specific implementations of the access-control maintenance interfaces (TDL).

The system is able to maintain the access-control interfaces of passive systems (e.g. common DBMSs [5],[6],[7] and OSs [8],[12],[10]) and also supports the access-control mechanism of active systems. Active systems have no authorization-control mechanism of their own; they check the authorization of a particular user's operations by calling a "central" authorization instance.

The system is implemented in Java and SQL and uses the CORBA IIOP communication protocol.