Skip to main content

RBAC What? Development of a Role-Based Access Control Policy Writing Tool for E-Scientists

Brostoff, Sacha, Sassea, M.Angela, Chadwick, David W., Cunningham, James, Mbanaso, Uche, Otenko, Sassa (2004) RBAC What? Development of a Role-Based Access Control Policy Writing Tool for E-Scientists. In: Workshop on Grid Security Practice and Experience, Oxford, UK. 35. pp. 835-856. (doi:10.1002/spe.691) (KAR id:14120)

Microsoft Word
Language: English
Download (312kB)
[thumbnail of RBACWhat.doc]
This file may not be suitable for users of assistive technology.
Request an accessible format
PDF
Language: English
Download (505kB) Preview
[thumbnail of RBACWhat.pdf]
Preview
This file may not be suitable for users of assistive technology.
Request an accessible format
Official URL
http://dx.doi.org/10.1002/spe.691

Abstract

A lightweight role-based access control policy authoring tool was developed for e-Scientists, a community for which access policies have to be implemented for an increasingly heterogeneous group of local and remote users. Two fundamental problems were identified: (1) lack of understanding of what the policy components are (i.e. how authorization policies are structured), and (2) lack of understanding of the underlying policy paradigm (i.e. what should go into the policy, and what should be left out). Conceptual design (CD) techniques were used to revise the user interface (UI) labels so that e-Scientists and developers were better able to describe access policy components from labels, and match labels with components (t = 6.28, df = 7, p = 0.000 two-tailed). CD, instructional text, bubble help, UI behaviour and alert boxes were used to shape users' models of the policy paradigm. The final prototype improved users' efficiency and effectiveness by more than doubling the speed with which expert users could write authorization policies, and facilitating users without specialist security knowledge to overcome the policy paradigm and components problems, enabling them to complete 80% of basic and 75% of advanced authorization policy-writing tasks in a usability trial.

Item Type: Conference or workshop item (Paper)
DOI/Identification number: 10.1002/spe.691
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Mark Wheadon
Date Deposited: 24 Nov 2008 18:01 UTC
Last Modified: 16 Feb 2021 12:24 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/14120 (The current URI for this page, for reference purposes)
Chadwick, David W.: https://orcid.org/0000-0003-3145-055X
  • Depositors only (login required):

Downloads

Downloads per month over past year