Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments
Roshan K. Thomas
ACM Workshop on Role-Based Access Control, 1997 (published 1997-11-06). DOI: 10.1145/266741.266748, https://doi.org/10.1145/266741.266748
In this paper, we introduce the notion of TeaM-based Access Control (TMAC) as an approach to applying role-based access control in collaborative environments. Our focus is on collaborative activity that is best accomplished through organized teams. Thus, central to the TMAC approach is the notion of a “team” as an abstraction that encapsulates a collection of users in specific roles with the objective of accomplishing a specific task or goal. We were led to the idea of TMAC when our investigations revealed two interesting requirements for certain collaborative environments. The first was the need for a hybrid access control model that incorporated the advantages of broad, role-based permissions across object types, yet required fine-grained, identity-based control on individual users in certain roles and on individual object instances. The second was a need to distinguish the passive concept of permission assignment from the active concept of context-based permission activation. It remains to be seen whether these requirements should lead to yet another variation of one or more models of RBAC, or whether such requirements and TMAC concepts should form another access control model layered on top of RBAC. It is hoped the RBAC workshop will help researchers advance discussions on this issue.

the notion of roles is an enterprise or organizational concept. As such, RBAC allows us to model security from an enterprise perspective since we can align security modeling to the roles and responsibilities in the enterprise. Second, RBAC is more scalable than user-based security specifications since security can be administered as a whole for all users belonging to a role. This reduces the cost and administrative overhead associated with fine-grained security administration at the level of individual users, objects, and permissions.

In this paper, we introduce the notion of TeaM-based Access Control (TMAC) as an approach to applying role-based access control in collaborative environments such as those involving workflows [11, 12]. Our focus is on collaborative activity that is best accomplished through organized teams. Thus, central to the TMAC approach is the notion of a “team” as an abstraction that encapsulates a collection of users in specific roles with the objective of accomplishing a specific task or goal. We were led to the formulation of TMAC during the course of our investigations on a recent DARPA-funded research project [14]. The focus was on security issues for clinical workflows associated with patient care. Our goal was to come up with a security paradigm that recognized collaborations in clinical workflows in order to meet three objectives. The first was to provide a security environment that was nonintrusive to clinical staff. The second objective was to provide very tight, just-in-time permissions so that only the appropriate clinical staff could get access to a patient’s records and only when they were providing care for the patient. The third objective was to design a security framework that did not add any significant administrative overhead and was therefore self-administering to a great extent. The clinical setting is generally characterized by users with a diverse set of qualifications and responsibilities that can naturally be mapped to various roles. As such, it appeared
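As an added illustration that is not part of the paper, the following Python sketch models the two requirements the abstract names: broad role permissions over an object type, narrowed to specific object instances by team membership, with permission activated only while the team's task is in progress. The role names, the `PatientRecord` object type and the users are assumptions of the example, not taken from the paper.

```python
# Minimal model of TeaM-based Access Control (TMAC) as described in the abstract.
# Constructed example, not the paper's code: the roles, object type (PatientRecord)
# and users (alice, carol, bob) are assumed for illustration only.
from dataclasses import dataclass, field

# RBAC layer (passive assignment): a role holds broad permissions over an object *type*.
ROLE_PERMISSIONS = {
    "physician": {("PatientRecord", "read"), ("PatientRecord", "write")},
    "nurse": {("PatientRecord", "read")},
}

@dataclass
class Team:
    """A team binds users-in-roles to specific object instances for one task."""
    name: str
    members: dict = field(default_factory=dict)  # user -> role held on this team
    objects: set = field(default_factory=set)    # object ids the team works on
    active: bool = False                         # context: is the task under way?

def authorize(team: Team, user: str, obj_type: str, obj_id: str, action: str) -> bool:
    """TMAC decision: identity (membership), role permission, object instance, context."""
    role = team.members.get(user)
    if role is None:
        return False                             # identity check: not on this team
    if (obj_type, action) not in ROLE_PERMISSIONS.get(role, set()):
        return False                             # role check: permission not assigned
    if obj_id not in team.objects:
        return False                             # instance check: not this team's object
    return team.active                           # activation: only while the task is live

def demo() -> dict:
    """Walk through the cases the abstract motivates and return the decisions."""
    care = Team("care-team-p1", members={"alice": "physician", "carol": "nurse"},
                objects={"record:p1"})
    care.active = True                           # patient admitted: context activates
    read, write = "read", "write"
    results = {
        "alice reads own patient": authorize(care, "alice", "PatientRecord", "record:p1", read),
        "alice reads other patient": authorize(care, "alice", "PatientRecord", "record:p2", read),
        "carol (nurse) writes": authorize(care, "carol", "PatientRecord", "record:p1", write),
        "bob not on team": authorize(care, "bob", "PatientRecord", "record:p1", read),
    }
    care.active = False                          # discharge: assignment remains, activation ends
    results["alice after discharge"] = authorize(care, "alice", "PatientRecord", "record:p1", read)
    return results

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'ALLOW' if allowed else 'DENY'}")
```

The last case is the point of the assignment/activation split: alice still holds the physician permission on the record type, yet the decision flips to deny as soon as the team's task ends.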