Learn More
This article introduces a family of reference models for role-based access control RBAC in which permissions are associated with roles, and users are made members of appropriate roles. This greatly simpliies management of permissions. Roles are closely related to the concept of user groups in access control. However, a role brings together a set of users on(More)
In this article we propose a standard for role-based access control (RBAC). Although RBAC models have received broad support as a generalized approach to access control, and are well recognized for their many advantages in performing large-scale authorization management, no single authoritative definition of RBAC exists today. This lack of a widely accepted(More)
In role-based access control (RBAC), permissions are associated with roles' and users are made members of roles, thereby acquiring the roles; permissions. RBAC's motivation is to simplify administration of authorizations. An appealing possibility is to use RBAC itself to manage RBAC, to further provide administrative convenience and scalability, especially(More)
This paper describes a unified model for role-based access control (RBAC). RBAC is a proven technology for large-scale authorization. However, lack of a standard model results in uncertainty and confusion about its utility and meaning. The NIST model seeks to resolve this situation by unifying ideas from prior RBAC models, commercial products and research(More)
In this paper, we introduce the family of UCON<sub>ABC</sub> models for usage control (UCON), which integrate <i>Authorizations (A), oBligations (B), and Conditions (C)</i>. We call these core models because they address the essence of UCON, leaving administration, delegation, and other important but second-order issues for later work. The term usage(More)
In this paper we develop the concept of Usage Control (UCON) that encompasses traditional access control, trust management, and digital rights management and goes beyond them in its definition and scope. While usage control concepts have been mentioned off and on in the security literature for some time, there has been no systematic treatment so far. By(More)
The basic concept of role-based access control (RBAC) is that permissions are associated with roles, and users are made members of appropriate roles, thereby acquiring the roles' permissions. This idea has been around since the advent of multiuser computing. Until recently, however, RBAC has received little attention from the research community. This(More)
In this paper, we develop a new paradigm for access control and authorization management, called task-based authorization controls (TBAC). TBAC models access controls from a task-oriented perspective than the traditional subject-object one. Access mediation now involves authorizations at various points during the completion of tasks in accordance with some(More)
Recently, there has been considerable interest in attribute based access control (ABAC) to overcome the limitations of the dominant access control models (i.e, discretionary-DAC, mandatory-MAC and role based-RBAC) while unifying their advantages. Although some proposals for ABAC have been published, and even implemented and standardized, there is no(More)