Meta-Policies for Distributed Role-Based Access Control Systems
نویسندگان
چکیده
In this paper meta-policies for access control policies are presented. There has been a lot of research into the various ways of specifying policy for a single domain. Such domains are autonomous and can be managed by the users or by a specific system administrator. It is often helpful to have a more general policy description in order to restrict the ways in which policy can be modified. Meta-policies fill this particular role. With their help changes to policy can be made subject to predefined constraints. Meta-policies are long lived and so can provide users with stable information about the policy of the system. In addition they can provide bodies external to a domain with relevant but restricted information about its policies, so forming a basis for co-operation between domains. For example, a domain’s meta-policy can function as a policy interface, thus establishing a basis for agreement on the structure of the objects accessed. In this way it is possible to build service level agreements between domains automatically.
منابع مشابه
Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
متن کاملAccess control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کاملA semantic-aware role-based access control model for pervasive computing environments
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...
متن کاملRole-based security for distributed object systems
This paper describes a security architecture designed to support role-based access control for distributed object systems in a large-scale, multi-organisational enterprise in which domains are used to group objects for specifying security policies. We use the concept of a role to define access control related to a position within an organisation although our role framework caters for the specif...
متن کاملRBPIM: Enforcing RBAC policies in distributed heterogeneous systems
This paper presents a PCIM-based framework for storing and enforcing RBAC (Role Based Access Control) policies in distributed heterogeneous systems. PCIM (Policy Core Information Model) is an information model proposed by IETF. PCIM permits to represent network policies in a standard form, allowing software from different vendors to read the same set of policy rules. This paper describes a PCIM...
متن کامل