Affiliation:
1. Block 1, Indian Institute of Technology, Hauz Khas, New Delhi-110016, India
Abstract
This paper describes an extended role-based access control (RBAC) model, which makes RBAC sensitive to the context of an attempted operation. Traditional RBAC does not specify whether the permissions associated with a role enable access to a particular object, or to some subset of objects belonging to a class. We extend the model by introducing the notions of role context and context filters. Context filters are Boolean expressions based on the context of the user attempting the operation, as well as the context of the object upon which the operation is attempted. By supplying context filters during the definition of a role, a security administrator can easily limit the applicability of users' role memberships to particular subsets of the target objects. We also describe our implementation of the model in a web-services platform, to illustrate how this technique is particularly valuable when the data is hierarchically structured.
Publisher
Association for Computing Machinery (ACM)
Cited by
34 articles.