Authorization of Knowledge-base Agents in an Intent-based Management Function

TL;DR

This paper proposes a dynamic, policy-driven authorization framework for knowledge-base agents in intent-based 6G network management, addressing limitations of traditional access control models.

Contribution

It introduces an enhanced authorization model combining contextual and functional attributes with agent roles for fine-grained, dynamic access control.

Findings

Framework ensures minimal necessary privileges for agents.

Addresses flexibility issues in traditional access control models.

Supports secure, dynamic authorization in multi-tenant environments.

Abstract

As networks move toward the next-generation 6G, Intent-based Management (IbM) systems are increasingly adopted to simplify and automate network management by translating high-level intents into low-level configurations. Within these systems, agents play a critical role in monitoring current state of the network, gathering data, and enforcing actions across the network to fulfill the intent. However, ensuring secure and fine-grained authorization of agents remains a significant challenge, especially in dynamic and multi-tenant environments. Traditional models such as Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC) and Relational-Based Access Control (RelBAC) often lack the flexibility to accommodate the evolving context and granularity required by intentbased operations. In this paper, we propose an enhanced authorization framework that integrates contextual and functional attributes with agent roles to achieve dynamic, policy-driven access control. By analyzing agent functionalities, our approach ensures that agents are granted only the minimal necessary privileges towards knowledge graphs.