Role-Based Access Control Models
Computer
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Observations on the role life-cycle in the context of enterprise security management
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Induced role hierarchies with attribute-based RBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
Role mining - revealing business roles for security administration using data mining technology
Proceedings of the eighth ACM symposium on Access control models and technologies
Advanced Features for Enterprise-Wide Role-Based Access Control
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
A Model for Attribute-Based User-Role Assignment
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Jess in Action: Java Rule-Based Systems
Jess in Action: Java Rule-Based Systems
Role-Based Access Control
Proceedings of the ninth ACM symposium on Access control models and technologies
Rule-Based RBAC with Negative Authorization
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
An Annotation-Based Access Control Model and Tools for Collaborative Information Spaces
WSKS '08 Proceedings of the 1st world summit on The Knowledge Society: Emerging Technologies and Information Systems for the Knowledge Society
Uncle-Share: Annotation-Based Access Control for Cooperative and Social Systems
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Role based access control for a medical database
SEA '07 Proceedings of the 11th IASTED International Conference on Software Engineering and Applications
Supporting role based provisioning with rules using OWL and F-logic
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Annotation-based access control for collaborative information spaces
Computers in Human Behavior
Adoption of information technology policies in the tourism sector in the era of WEB2.0
WISS'10 Proceedings of the 2010 international conference on Web information systems engineering
A framework integrating attribute-based policies into role-based access control
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
| Hi-index | 0.00 |
The administration of users and access rights in large enterprises is a complex and challenging task. Role-based access control (RBAC) is a powerful concept for simplifying access control. In particular, Enterprise Roles spanning across different IT systems are increasingly used as a basis for company-wide security management. However, the administration of roles in large organisations can become quite cumbersome and needs to be automated.During the past years, rules have been used to support automation of user and access rights administration. We discuss different rule-based approaches and propose a new method called rule-based provisioning of roles which combines the advantages of rules and roles.Experiences made during implementation of this approach are presented in two case studies. The results are evaluated and show that role-based access control in combination with rule-based provisioning can be successfully used in practice. A high level of automation can be achieved.