An object-oriented RBAC model for distributed system

Abstract

In distributed computing environments, users would like to share resources and communicate with each other to perform their jobs more efficiently. For better performance, it is important to keep resources and information integrity from unexpected use by unauthorized users. Therefore, there is a strong demand for access control of distributed shared resources. Role-Based-Access-Control (RBAC) has been introduced and offers a powerful means for specifying access control decisions. The authors propose an object oriented RBAC model for distributed system (ORBAC), it efficiently represents the real world. Moreover, under the decentralized ORBAC management architecture, an implementation of the model has realized multiple-domain access control. Finally, statically and dynamically role authorization is considered and a method to deal with the problem of separation of duties is presented.