Role-based authorization constraints specification using Object Constraint Language

The purpose of access control is to limit the actions on a computer system that a legitimate user can perform. Role-based access control (RBAC) has generated great interest in the security community as a flexible approach in access control. An important aspect of RBAC is constraints that constrain what components in RBAC are allowed to do. Although researchers have identified useful constraints using formal specification languages such as RCL2000, there still exists a demand to have constraint specification languages for system developers who are working on secure systems development. The authors discuss another approach to specifying constraints using a de facto constraint specification language in the software engineering arena. We use a declarative language, Object Constraint Language (OCL) that is part of the Unified Modeling Language (UML) and has been used in object oriented analysis and design. We describe how to specify previously identified role-based authorization constraints, and the future direction of this work is also addressed