为工作流系统中的访问控制设计角色层次结构

25th Annual International Computer Software and Applications Conference. COMPSAC 2001 Pub Date : 2001-10-08 DOI:10.1109/CMPSAC.2001.960606

R. Botha, J. Eloff

{"title":"为工作流系统中的访问控制设计角色层次结构","authors":"R. Botha, J. Eloff","doi":"10.1109/CMPSAC.2001.960606","DOIUrl":null,"url":null,"abstract":"Due to the correspondence between the role abstraction in Role-based Access Control (RBAC) and the notion of organizational positions, it seems easy to construct role hierarchies. This is, however, a misconception. This paper argues that, in order to reflect the functional requirements, a role hierarchy becomes very complex. In a bid to simplify the design of role hierarchies suitable for the expression of access control requirements in workflow systems, the paper proposes a \"typed\" role hierarchy. In a \"typed\" role hierarchy a role is of a specific type. The associations between different types of roles are limited by rules that govern the construction of a role hierarchy. This paper proposes a methodology to systematically construct a \"typed\" role hierarchy. Since the \"typed\" nature of the role hierarchy is only relevant during the construction of the role hierarchy, it can seamlessly be integrated into existing RBAC schemes that support the concept of role hierarchies.","PeriodicalId":269568,"journal":{"name":"25th Annual International Computer Software and Applications Conference. COMPSAC 2001","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2001-10-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"31","resultStr":"{\"title\":\"Designing role hierarchies for access control in workflow systems\",\"authors\":\"R. Botha, J. Eloff\",\"doi\":\"10.1109/CMPSAC.2001.960606\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Due to the correspondence between the role abstraction in Role-based Access Control (RBAC) and the notion of organizational positions, it seems easy to construct role hierarchies. This is, however, a misconception. This paper argues that, in order to reflect the functional requirements, a role hierarchy becomes very complex. In a bid to simplify the design of role hierarchies suitable for the expression of access control requirements in workflow systems, the paper proposes a \\\"typed\\\" role hierarchy. In a \\\"typed\\\" role hierarchy a role is of a specific type. The associations between different types of roles are limited by rules that govern the construction of a role hierarchy. This paper proposes a methodology to systematically construct a \\\"typed\\\" role hierarchy. Since the \\\"typed\\\" nature of the role hierarchy is only relevant during the construction of the role hierarchy, it can seamlessly be integrated into existing RBAC schemes that support the concept of role hierarchies.\",\"PeriodicalId\":269568,\"journal\":{\"name\":\"25th Annual International Computer Software and Applications Conference. COMPSAC 2001\",\"volume\":\"47 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2001-10-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"31\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"25th Annual International Computer Software and Applications Conference. COMPSAC 2001\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CMPSAC.2001.960606\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"25th Annual International Computer Software and Applications Conference. COMPSAC 2001","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CMPSAC.2001.960606","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 31

摘要

由于基于角色的访问控制(RBAC)中的角色抽象与组织位置的概念之间的对应关系，构造角色层次结构似乎很容易。然而，这是一种误解。本文认为，为了反映功能需求，角色层次结构变得非常复杂。为了简化适合工作流系统中访问控制需求表达的角色层次结构设计，本文提出了一种“类型化”角色层次结构。在“类型化”角色层次结构中，角色具有特定类型。不同类型角色之间的关联受到控制角色层次结构构造的规则的限制。本文提出了一种系统构建“类型化”角色层次的方法。由于角色层次结构的“类型化”性质仅在角色层次结构的构建过程中相关，因此它可以无缝地集成到支持角色层次结构概念的现有RBAC方案中。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Designing role hierarchies for access control in workflow systems

Due to the correspondence between the role abstraction in Role-based Access Control (RBAC) and the notion of organizational positions, it seems easy to construct role hierarchies. This is, however, a misconception. This paper argues that, in order to reflect the functional requirements, a role hierarchy becomes very complex. In a bid to simplify the design of role hierarchies suitable for the expression of access control requirements in workflow systems, the paper proposes a "typed" role hierarchy. In a "typed" role hierarchy a role is of a specific type. The associations between different types of roles are limited by rules that govern the construction of a role hierarchy. This paper proposes a methodology to systematically construct a "typed" role hierarchy. Since the "typed" nature of the role hierarchy is only relevant during the construction of the role hierarchy, it can seamlessly be integrated into existing RBAC schemes that support the concept of role hierarchies.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

25th Annual International Computer Software and Applications Conference. COMPSAC 2001

自引率

0.00%

发文量

期刊最新文献

Using SOAP to clean up configuration management An application of data warehouse technology to the measurement system for UML based artifacts InfoSleuth: agent-based system for data integration and analysis Formal and use-case driven requirement analysis in UML A long and winding road (Progress on the road to a software engineering profession)