2007 IEEE International Performance, Computing, and Communications Conference
Full text: Download
Role-based access control and role hierarchies have been the subject of considerable research in recent years. In this paper, we consider three useful applications of a new role-based access control model that contains a novel approach to permissions and permission inheritance: one is to illustrate that the new model provides a simpler and more natural way to implement BLP model using role-based techniques; a second application is to make it possible to define separation of duty constraints on two roles that have a common senior role and for a user to be assigned to or activate the senior role; finally, we describe how a single hierarchy in the new model can support the distinction between role activation and permission usage. In short, the oriented permission model provides ways of implementing a number of useful features that have previously required ad hoc and inelegant solutions.