A Model for Attribute Based Role-Role Assignment (ARRA)
Jiwan Ninglekhu, Ram Krishnan
TL;DR
This paper introduces ARRA, a flexible attribute-based model for role-role assignment in RBAC systems that unifies various existing RRA approaches using entity attributes.
Contribution
It proposes a novel attribute-based RRA model that unifies and generalizes prior RRA approaches in RBAC systems.
Findings
ARRA can express and unify prior RRA models
ARRA leverages attributes of RBAC entities for flexible administration
The model enhances the expressiveness of role-role assignments
Abstract
Administrative Role Based Access Control (ARBAC) models specify how to manage user-role assignments (URA), permission-role assignments (PRA), and role-role assignments (RRA). Many approaches have been proposed in the literature for URA, PRA, and RRA. In this paper, we propose a model for attribute-based role-role assignment (ARRA), a novel way to unify prior RRA approaches. We leverage the idea that attributes of various RBAC entities such as admin users and regular roles can be used to administer RRA in a highly flexible manner. We demonstrate that ARRA can express and unify prior RRA models.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAccess Control and Trust · Internet Traffic Analysis and Secure E-voting · Cryptography and Data Security