Service-oriented architecture (SOA) is widely recognized as an especially effective solution for integrating loosely coupled and distributed resources. One of the major challenges in developing SOAbased applications is the management of authorization requirements in distributed environments. This paper proposes a formal authorization model based on a role-based access control model to demonstra...

We present the design of an authorization service which parallels existing authentication services for distributed systems. Such a service would operate on top of an authentication substrate. There are two distinct ideas underlying our design: (1) The use of a language, called generalized access control list (GACL), as a common representation of authorization requirements. (2) The use of authen...

A set can be defined intensionally by specifying properties required of all its members or it can be defined extensionally by enumerating its elements. For example, the set of people authorized to enter a nightclub might be characterized intensionally by giving a minimum required age or characterized extensionally by providing a guest list. The DAC and MAC authorization policies we have been st...

It has been a subject of a significant amount of research to automate the execution of workflows (or business processes) on computer resources. However, many workflow scenarios still require human involvement, which introduces additional security and authorization concerns. This paper presents a novel mechanism for modeling the execution of workflows with human involvement under Rolebased Autho...

The role of regulatory drug submission evaluators in Canada is to critically assess both the data submitted and the sponsor's interpretation of the data in order to reach an evidence-, and context-based recommendation as to the potential benefits and potential harms (i.e., risks) associated with taking the drug under the proposed conditions of use. The purpose of this document is to outline the...

Many organizations struggle with ineffective and/or inefficient access control, but these problems and their consequences often remain invisible to security decision-makers. Prior research has focused on improving the policy-authoring part of authorization and does not show the full range of problems, their impact on organizations, and underlying causes. We present a study of 118 individual's e...

Detecting security aws is important in order to keep the database secure. A security aw in object-oriented databases means that a user can infer the result of an unpermitted method only from permitted methods. Although a database management system enforces access control by an authorization, security aws can occur under the authorization. The main aim of this paper is to show an e cient decisio...