A model of OASIS role-based access control and its support for active security

Authors:
Walt Yao;Ken Moody;Jean Bacon
Affiliations:
Univ. of Cambridge, Cambridge, U.K.;Univ. of Cambridge, Cambridge, U.K.;Univ. of Cambridge, Cambridge, U.K.
Venue:
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Year:
2001

Citing 19
Cited 29

Role-Based Access Control Models

Computer
A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Role templates for content-based access control

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Role activation hierarchies

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Towards a more complete model of role

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Control principles and role hierarchies

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Team-and-role-based organizational context and access control for cooperative hypermedia environments

Proceedings of the tenth ACM Conference on Hypertext and hypermedia : returning to our diverse roots: returning to our diverse roots
The role graph model and conflict of interest

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A role-based access control model and reference implementation within a corporate intranet

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The uses of role hierarchies in access control

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
An architecture for distributed OASIS services

IFIP/ACM International Conference on Distributed systems platforms
Generic Support for Distributed Applications

Computer
Access Rights Administration in Role-Based Security Systems

Proceedings of the IFIP WG11.3 Working Conference on Database Security VII
Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management

Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
An Authorization Model for Workflows

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Framework for role-based delegation models

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Separation of Duty in Role-based Environments

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations

Administrative scope and role hierarchy operations

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A model of OASIS role-based access control and its support for active security

ACM Transactions on Information and System Security (TISSEC)
Access Control and Trust in the Use of Widely Distributed Services

Middleware '01 Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms Heidelberg
Administrative scope: A foundation for role-based administrative models

ACM Transactions on Information and System Security (TISSEC)
An approach to engineer and enforce context constraints in an RBAC environment

Proceedings of the eighth ACM symposium on Access control models and technologies
Induced role hierarchies with attribute-based RBAC

Proceedings of the eighth ACM symposium on Access control models and technologies
Access control and trust in the use of widely distributed services

Software—Practice & Experience - Special issue: Middleware
Meta-Policies for Distributed Role-Based Access Control Systems

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A rule-based framework for role-based delegation and revocation

ACM Transactions on Information and System Security (TISSEC)
An integrated approach to engineer and enforce context constraints in RBAC environments

ACM Transactions on Information and System Security (TISSEC)
A rule-based framework for role-based constrained delegation

InfoSecu '04 Proceedings of the 3rd international conference on Information security
Access control in collaborative systems

ACM Computing Surveys (CSUR)
Resource aware programming

ACM Transactions on Programming Languages and Systems (TOPLAS)
Mediation security specification and enforcement for heterogeneous databases

Proceedings of the 2005 ACM symposium on Applied computing
Secure context-sensitive authorization

Pervasive and Mobile Computing
A framework for role-based group deligation in distributed environments

ACSC '06 Proceedings of the 29th Australasian Computer Science Conference - Volume 48
DW-RBAC: A formal security model of delegation and revocation in workflow systems

Information Systems
Secure collaborations over message boards

International Journal of Security and Networks
Synthesising verified access control systems through model checking

Journal of Computer Security
Protecting Information Sharing in Distributed Collaborative Environment

Advanced Web and NetworkTechnologies, and Applications
Supporting dynamic administration of RBAC in web-based collaborative applications during run-time

International Journal of Information and Computer Security
Dynamic, context-aware, least-privilege grid delegation

GRID '07 Proceedings of the 8th IEEE/ACM International Conference on Grid Computing
Fidelis: a policy-driven trust management framework

iTrust'03 Proceedings of the 1st international conference on Trust management
From ASTD access control policies to WS-BPEL processes deployed in a SOA environment

WISS'10 Proceedings of the 2010 international conference on Web information systems engineering
From business process choreography to authorization policies

DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Role-Based delegation with negative authorization

APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
PlexC: a policy language for exposure control

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Survey: Usage control in computer security: A survey

Computer Science Review
Enforcing ASTD Access-Control Policies with WS-BPEL Processes in SOA Environments

International Journal of Systems and Service-Oriented Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

OASIS is a role-based access control architecture for achieving secure interoperation of services in an open, distributed environment. Services define roles and implement formally specified policy for role activation and service use; users must present the required credentials, in the specified context, in order to activate a role or invoke a service. Roles are activated for the duration of a session only. In addition, a role is deactivated immediately if any of the conditions of the membership rule associated with its activation becomes false.OASIS does not use role delegation but instead defines the notion of appointment, whereby a user in some role may issue an \actright{} to some other user. The role activation conditions of services may include \actright{}s, prerequisite roles and environmental constraints.We motivate our approach and formalise OASIS. First, a basic model is presented followed by an extended model which includes parameterisation.