Relation Based Access Control: Logic and Policies

Date Added: Jul 2010
Format: PDF

The Web 2.0, GRID applications and more recently semantic desktop applications are bringing the Web to a situation where more and more data and metadata are shared and made available to large user groups. Things are further complicated by the highly unpredictable and autonomous dynamics of data, users, permissions and access control rules. For this novel scenario, a new access control model, Relation-Based Access Control (RelBAC) is proposed which allows subjects, objects and permissions to be defined independently. The key property which makes this possible is that permissions are modeled as relations between subjects and objects. RelBAC is formalized using the Description Logic ALCQIBO, which allows to perform policy management, e.g., separation of duties via automated reasoning.