Title :
Classification Model for Access Control Constraints
Author :
Kohler, Mathias ; Liesegang, Christian ; Schaad, Andreas
Author_Institution :
SAP AG
Abstract :
Whether access is given to a protected entity is decided upon evaluation of access control constraints. Though some initial approaches to classify access control constraints can be identified in the current literature, they must be considered as too broad with respect to today´s multi-layered system landscapes. In this paper we present a classification model for authorization constraint types extracted from recent publications. We identify common restriction characteristics and classify the constraint types depending on their information sources necessary for constraint evaluation. We identified the following authorization classes: authentication, ontology, environment, and activity. We further propose a system architecture supporting these classes. We map our model architecture onto the Windows 2003 Authorization Manager, identify the components equal to our proposed architecture and emphasize which authorization classes are supported. We therefore show the applicability of our model to analyze existing authorization systems and determine the supported constraints.
Keywords :
authorisation; classification; ontologies (artificial intelligence); Windows 2003 Authorization Manager; access control constraints; authentication; authorization constraint types; classification model; multi-layered system; ontology; Access control; Authentication; Authorization; Data mining; Middleware; Ontologies; Performance evaluation; Permission; Protection;
Conference_Titel :
Performance, Computing, and Communications Conference, 2007. IPCCC 2007. IEEE Internationa
Conference_Location :
New Orleans, LA
Print_ISBN :
1-4244-1138-6
Electronic_ISBN :
1097-2641
DOI :
10.1109/PCCC.2007.358921
