Attribute Based Administration of Role Based Access Control : A Detailed Description
Jiwan Ninglekhu, Ram Krishnan
TL;DR
This paper introduces attribute-based administrative models for RBAC, namely AURA and ARPA, which unify and extend existing approaches for user-role and permission-role management using entity attributes.
Contribution
The paper proposes novel attribute-based models AURA and ARPA that unify and generalize many prior RBAC administrative approaches.
Findings
AURA and ARPA can express numerous existing RBAC administrative models.
Attribute-based approach offers high flexibility in managing user and permission assignments.
Unified models facilitate easier and more adaptable RBAC administration.
Abstract
Administrative Role Based Access Control (ARBAC) models deal with how to manage user-role assignments (URA), permission-role assignments (PRA), and role-role assignments (RRA). A wide variety of approaches has been proposed in the literature for URA, PRA, and RRA. In this paper, we propose attribute-based administrative models that unify many prior approaches for URA and PRA. The motivating factor is that attributes of various RBAC entities such as admin users, regular users and permissions can be used to administer URA and PRA in a highly flexible manner. We develop an attribute-based URA model called AURA and an attribute-based PRA model called ARPA. We demonstrate that AURA and ARPA can express and unify many prior URA and PRA models.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsBusiness Law and Ethics · Access Control and Trust · Dispute Resolution and Class Actions