Obligation for Role Based Access Control

Zhao, Gansen and Chadwick, David W. and Otenko, Sassa (2007) Obligation for Role Based Access Control. In: IEEE International Symposium on Security in Networks and Distributed Systems (SSNDS07). (The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided)


Role based access control has been widely used in security critical systems. Conventional role based access control is a passive model, which makes authorization decisions on requests, and the authorization decisions contain only information about whether the corresponding requests are authorised or not. One of the potential improvements for role based access control is the augmentation of obligations, where obligations are tasks and requirements to be fulfilled together with the enforcement of authorization decisions. This paper conducts a comprehensive literature review about role based access control and obligation related research, and proposes a design of the augmentation of obligations in the context of the RBAC standard. The design is then further consolidated in the PERMIS RBAC authorization infrastructure. Details of incorporating obligations into the PERMIS RBAC authorization infrastructure are given. This paper also discusses the possible nondeterminism caused by overlapped authorisation.

Item Type: Conference or workshop item (UNSPECIFIED)
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming
Divisions: Faculties > Science Technology and Medical Studies > School of Computing > Security Group
Depositing User: Mark Wheadon
Date Deposited: 29 Mar 2010 12:09
Last Modified: 14 May 2014 10:49
Resource URI: https://kar.kent.ac.uk/id/eprint/23994 (The current URI for this page, for reference purposes)