Using Role-Templates for Handling Recurring Role Structures

Wolfgang Essmayr; Elisabeth Kapsammer; A Min Tjoa; Roland Wagner

Using Role-Templates for Handling Recurring Role Structures

Wolfgang Essmayr
, Elisabeth Kapsammer
, A Min Tjoa
, Roland Wagner

Institute for Application-oriented Knowledge Processing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceedings › peer-review

Abstract

Role-based access controls (RBAC) have been proposed as a design and implementation approach to discretionary access controls (DAC) more apt to the requirements of commercial enterprise environments. As advantages can be mentioned centralized security administration, separation of duty and least privilege properties. However, the nature of enterprises often entails recurring sub-structures like departments, projects etc. that cannot yet be handled adequately by the available concepts for role-hierarchies. Therefore, we propose an additional mechanism for administrating role-hierarchies called role-templates. This mechanism allows to specify a generic sub-hierarchy (e.g. a department role-hierarchy) that may be instantiated for each department of the enterprise resulting in an automatically generated, concrete role-hierarchy for the particular department. Furthermore, role-templates may be specialized and have aggregations and associations to other templates making the concept more flexible and semantically expressive. The proposed ideas will be implemented as a prototype within OASIS (Open Architecture Security for Information Systems) dealing with enterprise-wide security, which demands highly configurable access controls for multiple heterogeneous information systems

Original language	English
Title of host publication	Database Security XII: Status and Prospects. 12th IFIP WG 11.3 Conference on Database Security, Chalkidiki, Greece
Number of pages	12
Publication status	Published - Jul 1998

Fields of science

102001 Artificial intelligence
102006 Computer supported cooperative work (CSCW)
102010 Database systems
102014 Information design
102015 Information systems
102016 IT security
102028 Knowledge engineering
102019 Machine learning
102022 Software development
102025 Distributed systems
502007 E-commerce
505002 Data protection
506002 E-government
509018 Knowledge management
202007 Computer integrated manufacturing (CIM)
102033 Data mining
102035 Data science

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Cite this

@inproceedings{d69c6306f0e149cba6c8a5ba3d1c9c6a,

title = "Using Role-Templates for Handling Recurring Role Structures",

abstract = "Role-based access controls (RBAC) have been proposed as a design and implementation approach to discretionary access controls (DAC) more apt to the requirements of commercial enterprise environments. As advantages can be mentioned centralized security administration, separation of duty and least privilege properties. However, the nature of enterprises often entails recurring sub-structures like departments, projects etc. that cannot yet be handled adequately by the available concepts for role-hierarchies. Therefore, we propose an additional mechanism for administrating role-hierarchies called role-templates. This mechanism allows to specify a generic sub-hierarchy (e.g. a department role-hierarchy) that may be instantiated for each department of the enterprise resulting in an automatically generated, concrete role-hierarchy for the particular department. Furthermore, role-templates may be specialized and have aggregations and associations to other templates making the concept more flexible and semantically expressive. The proposed ideas will be implemented as a prototype within OASIS (Open Architecture Security for Information Systems) dealing with enterprise-wide security, which demands highly configurable access controls for multiple heterogeneous information systems",

author = "Wolfgang Essmayr and Elisabeth Kapsammer and Tjoa, \{A Min\} and Roland Wagner",

year = "1998",

month = jul,

language = "English",

isbn = "0-7923-8488-1",

booktitle = "Database Security XII: Status and Prospects. 12th IFIP WG 11.3 Conference on Database Security, Chalkidiki, Greece",

}

TY - GEN

T1 - Using Role-Templates for Handling Recurring Role Structures

AU - Essmayr, Wolfgang

AU - Kapsammer, Elisabeth

AU - Tjoa, A Min

AU - Wagner, Roland

PY - 1998/7

Y1 - 1998/7

N2 - Role-based access controls (RBAC) have been proposed as a design and implementation approach to discretionary access controls (DAC) more apt to the requirements of commercial enterprise environments. As advantages can be mentioned centralized security administration, separation of duty and least privilege properties. However, the nature of enterprises often entails recurring sub-structures like departments, projects etc. that cannot yet be handled adequately by the available concepts for role-hierarchies. Therefore, we propose an additional mechanism for administrating role-hierarchies called role-templates. This mechanism allows to specify a generic sub-hierarchy (e.g. a department role-hierarchy) that may be instantiated for each department of the enterprise resulting in an automatically generated, concrete role-hierarchy for the particular department. Furthermore, role-templates may be specialized and have aggregations and associations to other templates making the concept more flexible and semantically expressive. The proposed ideas will be implemented as a prototype within OASIS (Open Architecture Security for Information Systems) dealing with enterprise-wide security, which demands highly configurable access controls for multiple heterogeneous information systems

AB - Role-based access controls (RBAC) have been proposed as a design and implementation approach to discretionary access controls (DAC) more apt to the requirements of commercial enterprise environments. As advantages can be mentioned centralized security administration, separation of duty and least privilege properties. However, the nature of enterprises often entails recurring sub-structures like departments, projects etc. that cannot yet be handled adequately by the available concepts for role-hierarchies. Therefore, we propose an additional mechanism for administrating role-hierarchies called role-templates. This mechanism allows to specify a generic sub-hierarchy (e.g. a department role-hierarchy) that may be instantiated for each department of the enterprise resulting in an automatically generated, concrete role-hierarchy for the particular department. Furthermore, role-templates may be specialized and have aggregations and associations to other templates making the concept more flexible and semantically expressive. The proposed ideas will be implemented as a prototype within OASIS (Open Architecture Security for Information Systems) dealing with enterprise-wide security, which demands highly configurable access controls for multiple heterogeneous information systems

M3 - Conference proceedings

SN - 0-7923-8488-1

BT - Database Security XII: Status and Prospects. 12th IFIP WG 11.3 Conference on Database Security, Chalkidiki, Greece

ER -