Three for one: role-based access-control management in rapidly changing heterogeneous environments

ACM Workshop on Role-Based Access Control Pub Date : 2000-07-26 DOI:10.1145/344287.344306

Axel Mönkeberg, René Rakete

{"title":"Three for one: role-based access-control management in rapidly changing heterogeneous environments","authors":"Axel Mönkeberg, René Rakete","doi":"10.1145/344287.344306","DOIUrl":null,"url":null,"abstract":"We describe a maintenance tool for role-based access-control (RBAC0, RBAC1 and RBAC2 [1]), implemented in a Swiss bank. Concept and implementation of the system is as far as possible independent of operating system and vendors. The tool supports the maintenance of the access control interface to database systems, operating systems, web server and application systems (e.g. workflow management systems [9], OLAP tools and analytic tools).\nIt is based on the principle of using a system independent access-control specification-language (ADL), a repository for static definition and runtime data, a target system independent access-control command language (CDL) and a set of different target system specific implementations of the access-control maintenance interfaces (TDL).\nThe system is able to maintain the access control interfaces of passive systems (e.g. common DBMS [5],[6],[7] and OS [8],[12],[10]) and supports also the access control mechanism of active systems. Active systems have no own authorization control mechanism implemented. Active systems check the authorization of operations of a particular user by calling a “central” authorization instance.\nThe system is implemented in Java and SQL and uses the CORBA IIOP communication protocol.","PeriodicalId":355233,"journal":{"name":"ACM Workshop on Role-Based Access Control","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2000-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Workshop on Role-Based Access Control","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/344287.344306","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

Abstract

We describe a maintenance tool for role-based access-control (RBAC0, RBAC1 and RBAC2 [1]), implemented in a Swiss bank. Concept and implementation of the system is as far as possible independent of operating system and vendors. The tool supports the maintenance of the access control interface to database systems, operating systems, web server and application systems (e.g. workflow management systems [9], OLAP tools and analytic tools). It is based on the principle of using a system independent access-control specification-language (ADL), a repository for static definition and runtime data, a target system independent access-control command language (CDL) and a set of different target system specific implementations of the access-control maintenance interfaces (TDL). The system is able to maintain the access control interfaces of passive systems (e.g. common DBMS [5],[6],[7] and OS [8],[12],[10]) and supports also the access control mechanism of active systems. Active systems have no own authorization control mechanism implemented. Active systems check the authorization of operations of a particular user by calling a “central” authorization instance. The system is implemented in Java and SQL and uses the CORBA IIOP communication protocol.

查看原文本刊更多论文

三合一:快速变化的异构环境中基于角色的访问控制管理

我们描述了一个在瑞士银行实现的基于角色的访问控制(RBAC0、RBAC1和RBAC2[1])的维护工具。系统的概念和实现尽可能独立于操作系统和供应商。该工具支持维护数据库系统、操作系统、web服务器和应用系统(例如工作流管理系统[9]、OLAP工具和分析工具)的访问控制接口。它基于使用系统独立访问控制规范语言(ADL)、静态定义和运行时数据存储库、目标系统独立访问控制命令语言(CDL)和访问控制维护接口(TDL)的一组不同目标系统特定实现的原则。该系统能够维护被动系统的访问控制接口(如常见的DBMS[5]、[6]、[7]和操作系统[8]、[12]、[10])，也支持主动系统的访问控制机制。主动系统没有实现自己的授权控制机制。活动系统通过调用“中央”授权实例来检查特定用户的操作授权。系统采用Java和SQL语言实现，采用CORBA IIOP通信协议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Workshop on Role-Based Access Control

自引率

0.00%

发文量