The Imposition of Protocols Over Open Distributed Systems
IEEE Transactions on Software Engineering
Role-Based Access Control Models
Computer
Role templates for content-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
A role-based access control model and reference implementation within a corporate intranet
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Supporting relationships in access control using role based access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems
ACM Transactions on Software Engineering and Methodology (TOSEM)
Role-based access control on the web
ACM Transactions on Information and System Security (TISSEC)
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
A model of OASIS role-based access control and its support for active security
ACM Transactions on Information and System Security (TISSEC)
Dependencies and separation of duty constraints in GTRBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
An approach to engineer and enforce context constraints in an RBAC environment
Proceedings of the eighth ACM symposium on Access control models and technologies
PBDM: a flexible delegation model in RBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
Generalized Role-Based Access Control
ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
A System to Specify and Manage Multipolicy Access Control Models
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Formal Treatment of Certificate Revocation Under Communal Access Control
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Formalization and management of group obligations
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Decentralized governance of distributed systems via interaction control
Logic Programs, Norms and Action
Formal specification and management of security policies with collective group obligations
Journal of Computer Security
| Hi-index | 0.00 |
This paper maintains that for an access-control (AC) mechanism tosupport a wide range of policies, it is best to dispense with any built-insemantics for roles in the mechanism itself---be it the semantics of RBAC, orany other---leaving such semantics to be defined by particular policies. Inother words, an AC mechanism should be sensitive to roles, allowingspecific policies to take roles into account for their authorizationdecisions. But it should not be based on any particular interpretationof the structure of roles, or of their effect on access control. The validity of this assertion is demonstrated by showing that a mechanismcalled Law-governed interaction (LGI), which has no built-in concept of roles,can nevertheless support a wide range of policies that take roles intoaccount. These include RBAC itself, its various generalizations, as well asconcepts like budgetary controls, which seems to be quite inconsistent withRBAC. All such policies can be formulated, deployed, and enforced, via asingle scalable, and fully implemented LGI mechanism.