A role-based infrastructure management system: design and implementation

A role-based infrastructure management system: design and implementation

Over the last decade there has been a tremendous advance in the theory and practice of role‐based access control (RBAC). One of the most significant aspects of RBAC can be viewed from its management of permissions on the basis of roles rather than individual users. Consequently, it reduces administr...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Concurrency and computation 2004-09, Vol.16 (11), p.1121-1141
Hauptverfasser: Shin, Dongwan, Ahn, Gail-Joon, Cho, Sangrae, Jin, Seunghun
Format: Artikel
Sprache:eng
Schlagworte:
authorization infrastructure
role administration
role engineering
role management
role-based access control
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 1141
container_issue 11
container_start_page 1121
container_title Concurrency and computation
container_volume 16
creator Shin, Dongwan
Ahn, Gail-Joon
Cho, Sangrae
Jin, Seunghun
description Over the last decade there has been a tremendous advance in the theory and practice of role‐based access control (RBAC). One of the most significant aspects of RBAC can be viewed from its management of permissions on the basis of roles rather than individual users. Consequently, it reduces administrative costs and potential errors. The management of roles in various RBAC implementations, however, tends to be conducted on an ad hoc basis, closely coupled with a certain context of system environments. This paper discusses the development of a system whose purpose is to help manage a valid set of roles with assigned users and permissions for role‐based authorization infrastructures. We have designed and implemented the system, called RolePartner. This system enables role administrators to build and configure various components of a RBAC model so as to embody organizational access control policies which can be separated from different enforcement mechanisms. Hence the system helps make it possible to lay a foundation for role‐based authorization infrastructures. Three methodological constituents are introduced for our purposes, together with the design and implementation issues. The system has a role‐centric view for easily managing constrained and hierarchical roles as well as assigned users and permissions. An LDAP‐accessible directory service was used for a role database. We show that the system can be seamlessly integrated with an existing privilege‐based authorization infrastructure. Copyright © 2004 John Wiley & Sons, Ltd.
doi_str_mv 10.1002/cpe.807
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_28319793</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>28319793</sourcerecordid><originalsourceid>FETCH-LOGICAL-c3287-fb170af4685474cb45c6b266c8229fc521cb368000e7e5fe4c52f74d53de12323</originalsourceid><addsrcrecordid>eNp10LtOwzAUgGELgUQpiFfIBANK8SWxU7aqKi2oAoZyEYvlOMdVIDfsRJC3xxDUjclHPp_O8CN0SvCEYEwvdQOTBIs9NCIxoyHmLNrfzZQfoiPn3jAmBDMyQqtZYOsCwlQ5yIK8Mla51na67SwEparUFkqo2sD1roXyKsjA5dsqUJXHZVP8LlWb19UxOjCqcHDy947R4_ViM1-F6_vlzXy2DjWjiQhNSgRWJuJJHIlIp1GseUo51wmlU6NjSnTKeIIxBgGxgch_GRFlMcuAUEbZGJ0Ndxtbf3TgWlnmTkNRqArqzkmaMDIVU-bh-QC1rZ2zYGRj81LZXhIsf0pJX0r6Ul5eDPIzL6D_j8n5w2LQ4aBzX-Rrp5V9l1wwEcvnu6Ukr8nty4Y8Scy-ARbEeGQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>28319793</pqid></control><display><type>article</type><title>A role-based infrastructure management system: design and implementation</title><source>Access via Wiley Online Library</source><creator>Shin, Dongwan ; Ahn, Gail-Joon ; Cho, Sangrae ; Jin, Seunghun</creator><creatorcontrib>Shin, Dongwan ; Ahn, Gail-Joon ; Cho, Sangrae ; Jin, Seunghun</creatorcontrib><description>Over the last decade there has been a tremendous advance in the theory and practice of role‐based access control (RBAC). One of the most significant aspects of RBAC can be viewed from its management of permissions on the basis of roles rather than individual users. Consequently, it reduces administrative costs and potential errors. The management of roles in various RBAC implementations, however, tends to be conducted on an ad hoc basis, closely coupled with a certain context of system environments. This paper discusses the development of a system whose purpose is to help manage a valid set of roles with assigned users and permissions for role‐based authorization infrastructures. We have designed and implemented the system, called RolePartner. This system enables role administrators to build and configure various components of a RBAC model so as to embody organizational access control policies which can be separated from different enforcement mechanisms. Hence the system helps make it possible to lay a foundation for role‐based authorization infrastructures. Three methodological constituents are introduced for our purposes, together with the design and implementation issues. The system has a role‐centric view for easily managing constrained and hierarchical roles as well as assigned users and permissions. An LDAP‐accessible directory service was used for a role database. We show that the system can be seamlessly integrated with an existing privilege‐based authorization infrastructure. Copyright © 2004 John Wiley &amp; Sons, Ltd.</description><identifier>ISSN: 1532-0626</identifier><identifier>EISSN: 1532-0634</identifier><identifier>DOI: 10.1002/cpe.807</identifier><language>eng</language><publisher>Chichester, UK: John Wiley &amp; Sons, Ltd</publisher><subject>authorization infrastructure ; role administration ; role engineering ; role management ; role-based access control</subject><ispartof>Concurrency and computation, 2004-09, Vol.16 (11), p.1121-1141</ispartof><rights>Copyright © 2004 John Wiley &amp; Sons, Ltd.</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c3287-fb170af4685474cb45c6b266c8229fc521cb368000e7e5fe4c52f74d53de12323</citedby><cites>FETCH-LOGICAL-c3287-fb170af4685474cb45c6b266c8229fc521cb368000e7e5fe4c52f74d53de12323</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://onlinelibrary.wiley.com/doi/pdf/10.1002%2Fcpe.807$$EPDF$$P50$$Gwiley$$H</linktopdf><linktohtml>$$Uhttps://onlinelibrary.wiley.com/doi/full/10.1002%2Fcpe.807$$EHTML$$P50$$Gwiley$$H</linktohtml><link.rule.ids>314,780,784,1417,27924,27925,45574,45575</link.rule.ids></links><search><creatorcontrib>Shin, Dongwan</creatorcontrib><creatorcontrib>Ahn, Gail-Joon</creatorcontrib><creatorcontrib>Cho, Sangrae</creatorcontrib><creatorcontrib>Jin, Seunghun</creatorcontrib><title>A role-based infrastructure management system: design and implementation</title><title>Concurrency and computation</title><addtitle>Concurrency Computat.: Pract. Exper</addtitle><description>Over the last decade there has been a tremendous advance in the theory and practice of role‐based access control (RBAC). One of the most significant aspects of RBAC can be viewed from its management of permissions on the basis of roles rather than individual users. Consequently, it reduces administrative costs and potential errors. The management of roles in various RBAC implementations, however, tends to be conducted on an ad hoc basis, closely coupled with a certain context of system environments. This paper discusses the development of a system whose purpose is to help manage a valid set of roles with assigned users and permissions for role‐based authorization infrastructures. We have designed and implemented the system, called RolePartner. This system enables role administrators to build and configure various components of a RBAC model so as to embody organizational access control policies which can be separated from different enforcement mechanisms. Hence the system helps make it possible to lay a foundation for role‐based authorization infrastructures. Three methodological constituents are introduced for our purposes, together with the design and implementation issues. The system has a role‐centric view for easily managing constrained and hierarchical roles as well as assigned users and permissions. An LDAP‐accessible directory service was used for a role database. We show that the system can be seamlessly integrated with an existing privilege‐based authorization infrastructure. Copyright © 2004 John Wiley &amp; Sons, Ltd.</description><subject>authorization infrastructure</subject><subject>role administration</subject><subject>role engineering</subject><subject>role management</subject><subject>role-based access control</subject><issn>1532-0626</issn><issn>1532-0634</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2004</creationdate><recordtype>article</recordtype><recordid>eNp10LtOwzAUgGELgUQpiFfIBANK8SWxU7aqKi2oAoZyEYvlOMdVIDfsRJC3xxDUjclHPp_O8CN0SvCEYEwvdQOTBIs9NCIxoyHmLNrfzZQfoiPn3jAmBDMyQqtZYOsCwlQ5yIK8Mla51na67SwEparUFkqo2sD1roXyKsjA5dsqUJXHZVP8LlWb19UxOjCqcHDy947R4_ViM1-F6_vlzXy2DjWjiQhNSgRWJuJJHIlIp1GseUo51wmlU6NjSnTKeIIxBgGxgch_GRFlMcuAUEbZGJ0Ndxtbf3TgWlnmTkNRqArqzkmaMDIVU-bh-QC1rZ2zYGRj81LZXhIsf0pJX0r6Ul5eDPIzL6D_j8n5w2LQ4aBzX-Rrp5V9l1wwEcvnu6Ukr8nty4Y8Scy-ARbEeGQ</recordid><startdate>200409</startdate><enddate>200409</enddate><creator>Shin, Dongwan</creator><creator>Ahn, Gail-Joon</creator><creator>Cho, Sangrae</creator><creator>Jin, Seunghun</creator><general>John Wiley &amp; Sons, Ltd</general><scope>BSCLL</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>H8D</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>200409</creationdate><title>A role-based infrastructure management system: design and implementation</title><author>Shin, Dongwan ; Ahn, Gail-Joon ; Cho, Sangrae ; Jin, Seunghun</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c3287-fb170af4685474cb45c6b266c8229fc521cb368000e7e5fe4c52f74d53de12323</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2004</creationdate><topic>authorization infrastructure</topic><topic>role administration</topic><topic>role engineering</topic><topic>role management</topic><topic>role-based access control</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Shin, Dongwan</creatorcontrib><creatorcontrib>Ahn, Gail-Joon</creatorcontrib><creatorcontrib>Cho, Sangrae</creatorcontrib><creatorcontrib>Jin, Seunghun</creatorcontrib><collection>Istex</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>Aerospace Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Concurrency and computation</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Shin, Dongwan</au><au>Ahn, Gail-Joon</au><au>Cho, Sangrae</au><au>Jin, Seunghun</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A role-based infrastructure management system: design and implementation</atitle><jtitle>Concurrency and computation</jtitle><addtitle>Concurrency Computat.: Pract. Exper</addtitle><date>2004-09</date><risdate>2004</risdate><volume>16</volume><issue>11</issue><spage>1121</spage><epage>1141</epage><pages>1121-1141</pages><issn>1532-0626</issn><eissn>1532-0634</eissn><abstract>Over the last decade there has been a tremendous advance in the theory and practice of role‐based access control (RBAC). One of the most significant aspects of RBAC can be viewed from its management of permissions on the basis of roles rather than individual users. Consequently, it reduces administrative costs and potential errors. The management of roles in various RBAC implementations, however, tends to be conducted on an ad hoc basis, closely coupled with a certain context of system environments. This paper discusses the development of a system whose purpose is to help manage a valid set of roles with assigned users and permissions for role‐based authorization infrastructures. We have designed and implemented the system, called RolePartner. This system enables role administrators to build and configure various components of a RBAC model so as to embody organizational access control policies which can be separated from different enforcement mechanisms. Hence the system helps make it possible to lay a foundation for role‐based authorization infrastructures. Three methodological constituents are introduced for our purposes, together with the design and implementation issues. The system has a role‐centric view for easily managing constrained and hierarchical roles as well as assigned users and permissions. An LDAP‐accessible directory service was used for a role database. We show that the system can be seamlessly integrated with an existing privilege‐based authorization infrastructure. Copyright © 2004 John Wiley &amp; Sons, Ltd.</abstract><cop>Chichester, UK</cop><pub>John Wiley &amp; Sons, Ltd</pub><doi>10.1002/cpe.807</doi><tpages>21</tpages></addata></record>
fulltext fulltext
identifier ISSN: 1532-0626
ispartof Concurrency and computation, 2004-09, Vol.16 (11), p.1121-1141
issn 1532-0626
1532-0634
language eng
recordid cdi_proquest_miscellaneous_28319793
source Access via Wiley Online Library
subjects authorization infrastructure
role administration
role engineering
role management
role-based access control
title A role-based infrastructure management system: design and implementation
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-22T03%3A18%3A57IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20role-based%20infrastructure%20management%20system:%20design%20and%20implementation&rft.jtitle=Concurrency%20and%20computation&rft.au=Shin,%20Dongwan&rft.date=2004-09&rft.volume=16&rft.issue=11&rft.spage=1121&rft.epage=1141&rft.pages=1121-1141&rft.issn=1532-0626&rft.eissn=1532-0634&rft_id=info:doi/10.1002/cpe.807&rft_dat=%3Cproquest_cross%3E28319793%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=28319793&rft_id=info:pmid/&rfr_iscdi=true