Description Logic Modeling of Temporal Attribute-Based Access Control

Abstract

In large-scale open systems like Internet, attribute based access control is more appropriate than some other access control mechanisms. A fragment of description logic can be used to represent and reason about policies of attribute-based access control, because with logic descriptions, policies have a clear syntax and semantics. Further more, with the description logic modeling, ABAC policies and subject attributes assertions are easy to be integrated with semantic Web language which is designed to facilitate the machine interpretability and interoperability in distributed environment. The description logic representation is flexible to hold broad scope of information about users and contexts. The temporal properties of access control are also specified in our model.