Role-Based Access Control Models
Computer
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Role templates for content-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Towards a more complete model of role
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Control principles and role hierarchies
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Proceedings of the tenth ACM Conference on Hypertext and hypermedia : returning to our diverse roots: returning to our diverse roots
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A role-based access control model and reference implementation within a corporate intranet
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The uses of role hierarchies in access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
An architecture for distributed OASIS services
IFIP/ACM International Conference on Distributed systems platforms
Access Rights Administration in Role-Based Security Systems
Proceedings of the IFIP WG11.3 Working Conference on Database Security VII
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
An Authorization Model for Workflows
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Framework for role-based delegation models
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Administrative scope and role hierarchy operations
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A model of OASIS role-based access control and its support for active security
ACM Transactions on Information and System Security (TISSEC)
Access Control and Trust in the Use of Widely Distributed Services
Middleware '01 Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms Heidelberg
Administrative scope: A foundation for role-based administrative models
ACM Transactions on Information and System Security (TISSEC)
An approach to engineer and enforce context constraints in an RBAC environment
Proceedings of the eighth ACM symposium on Access control models and technologies
Induced role hierarchies with attribute-based RBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
Access control and trust in the use of widely distributed services
Software—Practice & Experience - Special issue: Middleware
Meta-Policies for Distributed Role-Based Access Control Systems
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A rule-based framework for role-based delegation and revocation
ACM Transactions on Information and System Security (TISSEC)
An integrated approach to engineer and enforce context constraints in RBAC environments
ACM Transactions on Information and System Security (TISSEC)
A rule-based framework for role-based constrained delegation
InfoSecu '04 Proceedings of the 3rd international conference on Information security
Access control in collaborative systems
ACM Computing Surveys (CSUR)
ACM Transactions on Programming Languages and Systems (TOPLAS)
Mediation security specification and enforcement for heterogeneous databases
Proceedings of the 2005 ACM symposium on Applied computing
Secure context-sensitive authorization
Pervasive and Mobile Computing
A framework for role-based group deligation in distributed environments
ACSC '06 Proceedings of the 29th Australasian Computer Science Conference - Volume 48
Secure collaborations over message boards
International Journal of Security and Networks
Synthesising verified access control systems through model checking
Journal of Computer Security
Protecting Information Sharing in Distributed Collaborative Environment
Advanced Web and NetworkTechnologies, and Applications
Supporting dynamic administration of RBAC in web-based collaborative applications during run-time
International Journal of Information and Computer Security
Dynamic, context-aware, least-privilege grid delegation
GRID '07 Proceedings of the 8th IEEE/ACM International Conference on Grid Computing
Fidelis: a policy-driven trust management framework
iTrust'03 Proceedings of the 1st international conference on Trust management
From ASTD access control policies to WS-BPEL processes deployed in a SOA environment
WISS'10 Proceedings of the 2010 international conference on Web information systems engineering
From business process choreography to authorization policies
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Role-Based delegation with negative authorization
APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
PlexC: a policy language for exposure control
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Survey: Usage control in computer security: A survey
Computer Science Review
Enforcing ASTD Access-Control Policies with WS-BPEL Processes in SOA Environments
International Journal of Systems and Service-Oriented Engineering
Hi-index | 0.00 |
OASIS is a role-based access control architecture for achieving secure interoperation of services in an open, distributed environment. Services define roles and implement formally specified policy for role activation and service use; users must present the required credentials, in the specified context, in order to activate a role or invoke a service. Roles are activated for the duration of a session only. In addition, a role is deactivated immediately if any of the conditions of the membership rule associated with its activation becomes false.OASIS does not use role delegation but instead defines the notion of appointment, whereby a user in some role may issue an \actright{} to some other user. The role activation conditions of services may include \actright{}s, prerequisite roles and environmental constraints.We motivate our approach and formalise OASIS. First, a basic model is presented followed by an extended model which includes parameterisation.