Research Article
A Constraint and Attribute Based Security Framework for Dynamic Role Assignment in Collaborative Environments
@INPROCEEDINGS{10.1007/978-3-642-03354-4_24,
  author={Isabel Cruz and Rigel Gjomemo and Benjamin Lin and Mirko Orsini},
  title={A Constraint and Attribute Based Security Framework for Dynamic Role Assignment in Collaborative Environments},
  proceedings={Collaborative Computing: Networking, Applications and Worksharing. 4th International Conference, CollaborateCom 2008, Orlando, FL, USA, November 13-16, 2008, Revised Selected Papers},
  proceedings_a={COLLABORATECOM},
  year={2012},
  month={5},
  keywords={role-based access control collaborative applications dynamic environments Semantic Web reasoning},
  doi={10.1007/978-3-642-03354-4_24}
}
- Isabel Cruz
- Rigel Gjomemo
- Benjamin Lin
- Mirko Orsini
Year: 2012
COLLABORATECOM
Springer
DOI: 10.1007/978-3-642-03354-4_24
Abstract
We investigate a security framework for collaborative applications that relies on the role-based access control (RBAC) model. In our framework, roles are pre-defined and organized in a hierarchy (partial order). However, we assume that users are not previously identified, therefore the actions that they can perform are dynamically determined based on their own attribute values and on the attribute values associated with the resources. Those values can vary over time (e.g., the user’s location or whether the resource is open for visiting) thus enabling or disabling a user’s ability to perform an action on a particular resource. In our framework, constraint values form partial orders and determine the association of actions with the resources and of users with roles. We have implemented our framework by exploring the capabilities of semantic web technologies, and in particular of OWL 1.1, to model both our framework and the domain of interest and to perform several types of reasoning. In addition, we have implemented a user interface whose purpose is twofold: (1) to offer a visual explanation of the underlying reasoning by displaying roles and their associations with users (e.g., as the user’s locations vary); and (2) to enable monitoring of users that are involved in a collaborative application. Our interface uses the Google Maps API and is particularly suited to collaborative applications where the users’ geospatial locations are of interest.