Designing role hierarchies for access control in workflow systems Export

@inproceedings{citeulike:2806749, abstract = {Due to the correspondence between the role abstraction in Role-based Access Control (RBAC) and the notion of organizational positions, it seems easy to construct role hierarchies. This is, however, a misconception. This paper argues that, in order to reflect the functional requirements, a role hierarchy becomes very complex. In a bid to simplify the design of role hierarchies suitable for the expression of access control requirements in workflow systems, the paper proposes a "typed" role hierarchy. In a "typed" role hierarchy a role is of a specific type. The associations between different types of roles are limited by rules that govern the construction of a role hierarchy. This paper proposes a methodology to systematically construct a "typed" role hierarchy. Since the "typed" nature of the role hierarchy is only relevant during the construction of the role hierarchy, it can seamlessly be integrated into existing RBAC schemes that support the concept of role hierarchies}, author = {Botha, R. A. and Eloff, J. H. P.}, booktitle = {Computer Software and Applications Conference, 2001. COMPSAC 2001. 25th Annual International}, citeulike-article-id = {2806749}, citeulike-linkout-0 = {http://dx.doi.org/10.1109/CMPSAC.2001.960606}, citeulike-linkout-1 = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=960606}, doi = {10.1109/CMPSAC.2001.960606}, journal = {Computer Software and Applications Conference, 2001. COMPSAC 2001. 25th Annual International}, keywords = {access, access\_control, rbac}, pages = {117--122}, posted-at = {2008-05-17 11:15:48}, priority = {0}, title = {Designing role hierarchies for access control in workflow systems}, url = {http://dx.doi.org/10.1109/CMPSAC.2001.960606}, year = {2001} }

TY - CONF ID - citeulike:2806749 L3 - citeulike-article-id:2806749 N2 - Due to the correspondence between the role abstraction in Role-based Access Control (RBAC) and the notion of organizational positions, it seems easy to construct role hierarchies. This is, however, a misconception. This paper argues that, in order to reflect the functional requirements, a role hierarchy becomes very complex. In a bid to simplify the design of role hierarchies suitable for the expression of access control requirements in workflow systems, the paper proposes a "typed" role hierarchy. In a "typed" role hierarchy a role is of a specific type. The associations between different types of roles are limited by rules that govern the construction of a role hierarchy. This paper proposes a methodology to systematically construct a "typed" role hierarchy. Since the "typed" nature of the role hierarchy is only relevant during the construction of the role hierarchy, it can seamlessly be integrated into existing RBAC schemes that support the concept of role hierarchies JF - Computer Software and Applications Conference, 2001. COMPSAC 2001. 25th Annual International EP - 122 TI - Designing role hierarchies for access control in workflow systems T2 - Computer Software and Applications Conference, 2001. COMPSAC 2001. 25th Annual International SP - 117 KW - access KW - access_control KW - rbac AU - Botha, RA AU - Eloff, JHP PY - 2001/// UR - http://dx.doi.org/10.1109/CMPSAC.2001.960606 ER -