On the role of roles
On the role of roles
This paper maintains that for an access-control (AC) mechanism tosupport a wide range of policies, it is best to dispense with any built-insemantics for roles in the mechanism itself---be it the semantics of RBAC, orany other---leaving such semantics to be defined by particular policies. Inother words, an AC mechanism should be sensitive to roles, allowingspecific policies to take roles into account for their authorizationdecisions. But it should not be based on any particular interpretationof the structure of roles, or of their effect on access control. The validity of this assertion is demonstrated by showing that a mechanismcalled Law-governed interaction (LGI), which has no built-in concept of roles,can nevertheless support a wide range of policies that take roles intoaccount. These include RBAC itself, its various generalizations, as well asconcepts like budgetary controls, which seems to be quite inconsistent withRBAC. All such policies can be formulated, deployed, and enforced, via asingle scalable, and fully implemented LGI mechanism.
- Rutgers, The State University of New Jersey United States
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).6 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Average influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Top 10% impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Top 10%
Citations provided by BIP!Popularity provided by BIP!