Specification of management policies and discretionary access control
Network and distributed systems management
Role-Based Access Control Models
Computer
Role templates for content-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Towards a more complete model of role
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A role-based access control model and reference implementation within a corporate intranet
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The uses of role hierarchies in access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Conflicts in Policy-Based Distributed Systems Management
IEEE Transactions on Software Engineering
An architecture for distributed OASIS services
IFIP/ACM International Conference on Distributed systems platforms
Engineering authority and trust in cyberspace: the OM-AM and RBAC way
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
PostgreSQL: introduction and concepts
PostgreSQL: introduction and concepts
On the specification and evolution of access control policies
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A model of OASIS role-based access control and its support for active security
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
ACM SIGAda Ada Letters
Toward open, secure, widely distributed services
Communications of the ACM - Adaptive middleware
A model of OASIS role-based access control and its support for active security
ACM Transactions on Information and System Security (TISSEC)
Access Rights Administration in Role-Based Security Systems
Proceedings of the IFIP WG11.3 Working Conference on Database Security VII
Framework for role-based delegation models
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Using Events to Build Distributed Applications
SDNE '95 Proceedings of the 2nd International Workshop on Services in Distributed and Networked Environments
Policies in Accountable Contracts
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Meta-Policies for Distributed Role-Based Access Control Systems
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Mobile-driven architecture for managing enterprise security policies
Proceedings of the 44th annual Southeast regional conference
A trust-based noise injection strategy for privacy protection in cloud
Software—Practice & Experience
| Hi-index | 0.00 |
OASIS is a role-based access control (RBAC) architecture for achieving secure interoperation of independently managed services in an open, distributed environment. OASIS differs from other RBAC schemes in a number of ways: role management is decentralized, roles are parametrized, roles are activated within sessions and privileges are not delegated. OASIS depends on an active middleware platform to notify services of any relevant changes in their environment.Services define roles and establish formally specified policy for role activation and service use (authorization); users must present the required credentials and satisfy specified constraints in order to activate a role or invoke a service. The membership rule of a role indicates which of the role activation conditions must remain true while the role is active. A role is deactivated immediately if any of the conditions of the membership rule associated with its activation become false.OASIS introduces the notion of appointment, whereby being active in certain roles carries the privilege of issuing appointment certificates to other users. Appointment certificates capture the notion of long-lived credentials such as academic and professional qualification or membership of an organization. The role activation conditions of a service may include appointment certificates, prerequisite roles and environmental constraints.The role activation and authorization policies of services within an administrative domain need not embody role hierarchies nor enforce privilege delegation. But OASIS is sufficiently flexible to capture such notions, through prerequisite roles and appointments, if they are required within an application domain.We define the model and architecture and discuss engineering details, including security issues. We illustrate how an OASIS session can span multiple domains and we propose a minimal infrastructure to enable widely distributed, independently developed services to enter into agreements to respect each other's credentials. In a multi-domain system access control policy may come from multiple sources and must be expressed, enforced and managed. In order to respond to changing relationships between organizations it should be easy to allow role holders in one domain to obtain privileges in another. Our approach to policy and meta-policy management is described.We speculate on a further extension to mutually unknown, and therefore untrusted, parties. Each party will accumulate audit certificates which embody its interaction history and which may form the basis of a web of trust.