Abstract
Various role-based access control (RBAC) models have evolved along with a small number of implementations. One approach is to make role assignment persistent. After authentication, a principal can exercise the privileges associated with the roles it is assigned to without further action. Another approach is that principals must activate roles explicitly when they need to exercise the privileges associated with the roles. In this paper we outline our models and implementations (PERMIS and OASIS), which provide an example of each style of system. Both are concerned with realistic implementations in large-scale, widely distributed systems. We discuss the advantages and disadvantages of persistent versus dynamic role membership.
Copyright information
© 2004 Springer Science + Business Media, Inc.
About this chapter
Cite this chapter
Bacon, J., Moody, K., Chadwick, D., Otenko, O. (2004). Persistent Versus Dynamic Role Membership. In: De Capitani di Vimercati, S., Ray, I., Ray, I. (eds) Data and Applications Security XVII. IFIP International Federation for Information Processing, vol 142. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8070-0_25
DOI: https://doi.org/10.1007/1-4020-8070-0_25
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8069-2
Online ISBN: 978-1-4020-8070-8
eBook Packages: Springer Book Archive