Constraint access control for direct authorization

Author

Han, Wei-Li ; Shi, Xing-Dong ; Li, Yin-Sheng

Author_Institution

Sch. of Software, Fudan Univ., Shanghai, China

Volume

1

fYear

2005

fDate

24-26 May 2005

Firstpage

69

Abstract

Constraint is an important aspect of role-based access control (RBAC) and is sometimes considered to be the principal motivation for RBAC. Current major RBAC systems generally do not support constraints, or support constraints only in pure RBAC mode. But a few practical systems need direct authorization to ease permission administration. To achieve this purpose, this paper probes into the problem of constraints in mixed access control. This mainly adopts RBAC and supports direct authorization. Firstly, the paper discusses constraints in mixed access control. In this part, the paper presents the concept of permission constraint, and analyzes the relationships between permission constraint and role constraint. Secondly, some key properties of constraints are identified and proofed formally. Finally, the paper introduces permissions administration in a drawing management module of an enterprise information system, as a case to study the problem of constraints in mixed access control.

Keywords

authorisation; groupware; management information systems; RBAC system; constraint access control; direct authorization; drawing management module; enterprise information system; mixed access control; permission administration; role-based access control; Access control; Application software; Authorization; Collaborative work; Information security; Information systems; Management information systems; Permission; Probes;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Supported Cooperative Work in Design, 2005. Proceedings of the Ninth International Conference on

Print_ISBN

1-84600-002-5

Type

conf

DOI

10.1109/CSCWD.2005.194147

Filename

1504053