Abstract | ||
---|---|---|
This paper describes an extended role-based access control (RBAC) model, which makes RBAC sensitive to the context of an attempted operation. Traditional RBAC does not specify whether the permissions associated with a role enable access to a particular object, or to some subset of objects belonging to a class. We extend the model by introducing the notions of role context and context filters. Context filters are Boolean expressions based on the context of the user attempting the operation, as well as the context of the object upon which the operation is attempted. By supplying context filters during the definition of a role, a security administrator can easily limit the applicability of users' role memberships to particular subsets of the target objects. We also describe our implementation of the model in a web-services platform, to illustrate how this technique is particularly valuable when the data is hierarchically structured. |
Year | DOI | Venue |
---|---|---|
2002 | 10.1145/567331.567336 | Operating Systems Review |
Keywords | Field | DocType |
attempted operation,context filter,context sensitivity,traditional rbac,boolean expression,target object,extended role-based access control,particular subsets,role membership,role context,particular object,web service,role based access control | Context-sensitive language,Authentication,Computer security,Computer science,Cryptography,Role-based access control,Context model,Human–computer interaction,Access control,Password,Boolean expression,Distributed computing | Journal |
Volume | Issue | Citations |
36 | 3 | 56 |
PageRank | References | Authors |
2.98 | 12 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Arun Kumar | 1 | 595 | 51.04 |
Neeran Karnik | 2 | 234 | 12.95 |
Girish Chafle | 3 | 265 | 13.90 |