Title :
Constraint access control for direct authorization
Author :
Han, Wei-Li ; Shi, Xing-Dong ; Li, Yin-Sheng
Author_Institution :
Sch. of Software, Fudan Univ., Shanghai, China
Abstract :
Constraint is an important aspect of role-based access control (RBAC) and is sometimes considered to be the principal motivation for RBAC. Current major RBAC systems generally do not support constraints, or support constraints only in pure RBAC mode. But a few practical systems need direct authorization to ease permission administration. To achieve this purpose, this paper probes into the problem of constraints in mixed access control. This mainly adopts RBAC and supports direct authorization. Firstly, the paper discusses constraints in mixed access control. In this part, the paper presents the concept of permission constraint, and analyzes the relationships between permission constraint and role constraint. Secondly, some key properties of constraints are identified and proofed formally. Finally, the paper introduces permissions administration in a drawing management module of an enterprise information system, as a case to study the problem of constraints in mixed access control.
Keywords :
authorisation; groupware; management information systems; RBAC system; constraint access control; direct authorization; drawing management module; enterprise information system; mixed access control; permission administration; role-based access control; Access control; Application software; Authorization; Collaborative work; Information security; Information systems; Management information systems; Permission; Probes;
Conference_Titel :
Computer Supported Cooperative Work in Design, 2005. Proceedings of the Ninth International Conference on
Print_ISBN :
1-84600-002-5
DOI :
10.1109/CSCWD.2005.194147
