Towards Session-Aware RBAC Delegation: Function Switch
نویسندگان
چکیده
This paper shows how to extend RBAC sessions with dynamic aspects to deal with user switch. Users can authenticate using their functions which will create a dynamic session and automatically activate a set of privileges associated with this function. A dynamic session can be joined, leaved, restarted and reused by authorized users. Moreover, a user can switch the session to another user in order to continue the task by preserving the working context. We discuss in this paper how to manage users privileges in the dynamic session and how to deal with the switch mechanism.
منابع مشابه
Task Delegation Based Access Control Models for Workflow Systems
e-Government organisations are facilitated and conducted using workflow management systems. Role-based access control (RBAC) is recognised as an efficient access control model for large organisations. The application of RBAC in workflow systems cannot, however, grant permissions to users dynamically while business processes are being executed. We currently observe a move away from predefined st...
متن کاملRole Delegation for a Distributed, Unified RBAC/MAC*
The day-today operations of corporations and government agencies rely on inter-operating legacy, COTs, databases, clients, servers, etc., which are brought together into a distributed environment running middleware (e.g., CORBA, JINI, DCOM, etc.). Both access control and security assurance within these distributed applications is paramount. Of particular concern is the delegation of authority, ...
متن کاملDW-RBAC: A formal security model of delegation and revocation in workflow systems
One reason workflow systems have been criticized as being inflexible is that they lack support for delegation. This paper shows how delegation can be introduced in a workflow system by extending the role-based access control (RBAC) model. The current RBAC model is a security mechanism to implement access control in organizations by allowing users to be assigned to roles and privileges to be ass...
متن کاملComprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL
Context. Role-based access control (RBAC) has become the de facto standard for access management in various large-scale organizations. Often rolebased policies must implement organizational rules to satisfy compliance or authorization requirements, e.g., the principle of separation of duty (SoD). To provide business continuity, organizations should also support the delegation of access rights a...
متن کاملA Role-Based Delegation Model and Some Extensions
In Role-based Access control (RBAC) permissions are associated with roles and users are made members of roles thereby acquiring the associated permissions. User delegation in RBAC is the ability of one user (called the delegating user) who is a member of the delegated role to authorize another user (called the delegate user) to become a member of the delegated role. This paper proposes a simple...
متن کامل