Relational Access Control with Bivalent Permissions in a Social Web/Collaboration Architecture
Todd Davies, Mike D. Mintz

TL;DR
This paper introduces BROAC, a flexible access control model with positive and negative permissions, implemented in Deme, enabling conflict resolution and scalable permission checks in social web/collaboration platforms.
Contribution
It presents the BROAC model with conflict resolution mechanisms and demonstrates its implementation and scalability within the Deme web content management framework.
Findings
BROAC supports positive and negative permissions.
Permission checking scales linearly with website size.
Deme effectively resolves permission conflicts.
Abstract
We describe an access control model that has been implemented in the web content management framework "Deme" (which rhymes with "team"). Access control in Deme is an example of what we call "bivalent relation object access control" (BROAC). This model builds on recent work by Giunchiglia et al. on relation-based access control (RelBAC), as well as other work on relational, flexible, fine-grained, and XML access control models. We describe Deme's architecture and review access control models, motivating our approach. BROAC allows for both positive and negative permissions, which may conflict with each other. We argue for the usefulness of defining access control rules as objects in the target database, and for the necessity of resolving permission conflicts in a social Web/collaboration architecture. After describing how Deme access control works, including the precedence relations…
