Integrating Attribute and Status Constraint into the RBAC Model for Access Control in Ubiquitous Systems

It now becomes a trend to implement the interconnections between resources as well as services in ubiquitous systems. Attribute-based authorization mechanisms, protocols and systems are gaining in popularity, such as SAML, XACML, Shibboleth, etc. However, their management efficiency could be further improved. The Role-based Access Control (RBAC) mechanism is widely accepted as a general mechanism for authorization management. However, RBAC is still not flexible enough to address various application scenarios in ubiquitous systems. We propose a new architecture for access control in ubiquitous systems that impose attribute and status constraints on the RBAC model, which can significantly enhance the generality and flexibility of authorization by integrating the advantages of RBAC and attributed- based access control models. Moreover, the state mechanism proposed in this architecture captures the states of the authorization elements so as to reflect the outcomes of the authorization control. Finally, we analyze the flexibility and generality of this architecture in ubiquitous systems.