A role-based infrastructure management system: Design and implementation

Dongwan Shin, Gail Joon Ahn, Sangrae Cho, Seunghun Jin

Research output: Contribution to journalArticle

4 Scopus citations

Abstract

Over the last decade there has been a tremendous advance in the theory and practice of role-based access control (RBAC), One of the most significant aspects of RBAC can be viewed from its management of permissions on the basis of roles rather than individual users. Consequently, it reduces administrative costs and potential errors. The management of roles in various RBAC implementations, however, tends to be conducted on an ad hoc basis, closely coupled with a certain context of system environments. This paper discusses the development of a system whose purpose is to help manage a valid set of roles with assigned users and permissions for role-based authorization infrastructures. We have designed and implemented the system, called RolePartner. This system enables role administrators to build and configure various components of a RBAC model so as to embody organizational access control policies which can be separated from different enforcement mechanisms. Hence the system helps make it possible to lay a foundation for role-based authorization infrastructures. Three methodological constituents are introduced for our purposes, together with the design and implementation issues. The system has a role-centric view for easily managing constrained and hierarchical roles as well as assigned users and permissions. An LDAP-accessible directory service was used for a role database. We show that the system can be seamlessly integrated with an existing privilege-based authorization infrastructure.

Original languageEnglish (US)
Pages (from-to)1121-1141
Number of pages21
JournalConcurrency Computation Practice and Experience
Volume16
Issue number11
DOIs
StatePublished - Sep 1 2004
Externally publishedYes

Keywords

  • Authorization infrastructure
  • Role administration
  • Role engineering
  • Role management
  • Role-based access control

ASJC Scopus subject areas

  • Software
  • Theoretical Computer Science
  • Computer Science Applications
  • Computer Networks and Communications
  • Computational Theory and Mathematics

Fingerprint Dive into the research topics of 'A role-based infrastructure management system: Design and implementation'. Together they form a unique fingerprint.

Cite this