Role-Based Access Control Models
Computer
How to do discretionary access control using roles
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Managing role/permission relationships using object access types
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Formal specification for role based access control user/role and role/role relationship management
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Modeling users in role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Three for one: role-based access-control management in rapidly changing heterogeneous environments
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Communications of the ACM
Structured management of role-permission relationships
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Lattice-Based Access Control Models
Computer
Tower: A Language for Role Based Access Control
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
A Policy Based Management Architecture for Large Scale Active Communication Systems
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Taxonomy and Description of Policy Combination Methods
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
The ARBAC99 Model for Administration of Roles
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Secure role activation and authorization in the enterprise environment
EuroPKI'05 Proceedings of the Second European conference on Public Key Infrastructure
| Hi-index | 0.04 |
We present a model for policy administration structures. The model consists of a mathematical notation that captures the relationship between policies and objects and the entities that manage policies for those objects. In the model a system is viewed as consisting of a number of policy administration domains. The domains are arranged in a hierarchy, representing descending levels of authority. The presence of an object in a domain represents the ability of the manager of that domain to write policy for that object. A number of important issues for policy administration are identified and addressed within the model. These include meta-policy questions, such as who has control over the placement of an object in a policy administration domain and where it can be moved within the hierarchy. A number of possible approaches to each of these questions is identified and expressed in the notation presented. The model is capable of expressing policy administration in DAC, MAC and combined systems.