Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Supporting Relationships in Access Control Using Role Based Access Control

Published

Author(s)

John Barkley, Konstantin Benznosov, Jinny Uppal

Abstract

The Role Based Access Control (RBAC) model and mechanism have proven to be useful and effective. This is clear from the many RBAC implementations in commercial products. However, there are many common examples where access decisions must include other factors, in particular, relationships between entities, such as, the user, the object to be accessed, the subject of the information contained within the object. Such relationships are often not efficiently represented using traditional static security attributes centrally administered. Furthermore, the extension of RBAC models to include relationships obscures the fundamental RBAC metaphor.This paper furthers the concept of relationships for use in access control, and it shows how relationships can be supported in role based access decisions by using the Object Management Group's (OMG) Resource Access Decision facility (RAD) nearing adoption. This facility allows relationship information, which can dynamically change as part of normal application processing, to be used in access decisions by applications. The access decision logic is separate from application logic. In addition, RAD allows access decision logic from different models to be combined into a single access decision. Each access control model is thus able to retain its metaphor.
Proceedings Title
Proceedings of the Fourth ACM Workshop on Role-Based Access Control (RBAC '99)
Conference Dates
October 28-29, 1999
Conference Location
Fairfax, VA
Conference Title
Fourth ACM Workshop on Role-Based Access Control (RBAC '99)

Keywords

access control, computer security, RBAC, Resource Access Decision facility (RAD), Role-Based Access Control

Citation

Barkley, J. , Benznosov, K. and Uppal, J. (1999), Supporting Relationships in Access Control Using Role Based Access Control, Proceedings of the Fourth ACM Workshop on Role-Based Access Control (RBAC '99), Fairfax, VA, [online], https://doi.org/10.1145/319171.319177 (Accessed June 14, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created October 29, 1999, Updated November 10, 2018