Supporting Role Based Provisioning with Rules Using OWL and F-Logic


The rule-based RBAC (RB-RBAC) model has been proposed to dynamically assign users to roles based on a set of rules. We identify two problems with this model: a simplified rule language with limited expressiveness and a lack of rule reasoning capabilities. In this paper we propose an expressive and extensible provisioning framework that overcomes these drawbacks. Our framework supports complex user-role assignment rules and provides rule reasoning capabilities using OWL DL and F-Logic. Furthermore, we show how our approach supports (i) weak and strong negation to enhance expressiveness and strictness, (ii) defining static SoD constraints, and (iii) detecting conflicts. Finally, the paper describes a mechanism to deduce well-formed SPML requests from rules to provision policy systems with entitlements.

