A Role and Activity Based Access Control Model for University Identity and Access Management System

Abstract

Although RBAC model has received broad support as a generalized access control solution, it has several innate limitations. We propose a Role and Activity Based Access Control model called R-ABAC, which extends the traditional RBAC model with the notion of participation, act and activity. An activity is an abstraction of the application environment, and organizes participations and acts as a digraph for expressing dependency of activity steps, as well as containing rich context information such as time, location and system status. An implementation of R-ABAC model has been applied to a university unified identity and access management system (UIAMS).