Open AccessComparing simple role based access control models and access control lists
Author(s) -
John Barkley
Publication year - 1997
Publication title -
citeseer x (the pennsylvania state university)
Language(s) - English
Resource type - Conference proceedings
ISBN - 0-89791-985-8
DOI - 10.1145/266741.266769
Subject(s) - role based access control , access control , computer science , feature (linguistics) , simple (philosophy) , semantics (computer science) , session (web analytics) , point (geometry) , control (management) , computer access control , computer security , programming language , artificial intelligence , world wide web , linguistics , geometry , mathematics , philosophy , epistemology
The RBAC metaphor is powerful in its ability to ex- press access control policy in terms of the way in which administrators view organizations. The functionality of simple Role Based Access Control (RBAC) models are compared to access control lists (ACL). A very simple RBAC model is shown to be no different from a group ACL mechanism from the point of view of its ability to express access control policy. RBAC is often distin- guished from ACLs by the inclusion of a feature which allows a session to be associated with a proper subset of the roles (i.e., groups in ACL terms) authorized for a user. Two possible semantics for this feature are de- scribed: one which requires a similar amount of pro- cessing as that required by ACLs, and another which requires significantly more processing than that required by ACLs. In addition, the capability to define role hier- archies is compared to an equivalent feature in ACLs.
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom
Address
John Eccles HouseRobert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom