Access Control for Hierarchical Joint-Tenancy
WSEAS Transactions on Computing, Volume 5, Issue 6
Jonathan K. Adams, Nova Southeastern University, jonaadam@scis.nova.edu
Basheer Bristow, IBM
Abstract:
Significant research has been done in the area of Role Based Access Control [RBAC]. Within this research there has been a thread of work focusing on adding parameters to the role and permissions wBasic role based access control [RBAC] provides a mechanism for segregating access privileges based upon users' hierarchical roles within an organization. This model doesn't scale well when there is tight integration of multiple hierarchies. In a case where there is joint-tenancy and a requirement for different levels of disclosure based upon a user's hierarchy, or in our case, organization or company, basic RBAC requires these hierarchies to be effectively merged. Specific roles that effectively represent both the users’ organizations and roles must be translated to fit within the merged hierarchy to be used to control access. Essentially, users from multiple organizations are served from a single role base with roles designed to constrain their access as needed.
Our work proposes, through parameterized roles and privileges, a means for accurately representing both users' roles within their respective hierarchies for providing access to controlled objects. Using this method will reduce the amount of complexity required in terms of the number of roles and privileges. The resulting set of roles, privileges, and objects will make modeling and visualizing the access role hierarchy significantly simplified. This paper will give some background on role based access control, parameterized roles and privileges, and then focus on how RBAC with parameterized roles and privileges can be leveraged as an access control solution for the problems presented by joint tenancy within RBAC. The primary benefit of parameter support in RBAC comes in the form of a significant increase in specificity in how permissions may be granted. This paper focuses on implementing a parameterized implementation based heavily upon existing standards.
Keywords: Security, Access Control Models, Usage Control, Collaborative Systems, Role Based Access Control