A role-based infrastructure management system

Design and implementation

Dongwan Shin, Gail-Joon Ahn, Sangrae Cho, Seunghun Jin

Research output: Contribution to journal, Article

4 Citations (Scopus)

Abstract

Over the last decade there has been a tremendous advance in the theory and practice of role-based access control (RBAC). One of the most significant aspects of RBAC can be viewed from its management of permissions on the basis of roles rather than individual users. Consequently, it reduces administrative costs and potential errors. The management of roles in various RBAC implementations, however, tends to be conducted on an ad hoc basis, closely coupled with a certain context of system environments. This paper discusses the development of a system whose purpose is to help manage a valid set of roles with assigned users and permissions for role-based authorization infrastructures. We have designed and implemented the system, called RolePartner. This system enables role administrators to build and configure various components of a RBAC model so as to embody organizational access control policies which can be separated from different enforcement mechanisms. Hence the system helps make it possible to lay a foundation for role-based authorization infrastructures. Three methodological constituents are introduced for our purposes, together with the design and implementation issues. The system has a role-centric view for easily managing constrained and hierarchical roles as well as assigned users and permissions. An LDAP-accessible directory service was used for a role database. We show that the system can be seamlessly integrated with an existing privilege-based authorization infrastructure.

Original language: English (US)
Pages (from-to): 1121-1141
Number of pages: 21
Journal: Concurrency Computation Practice and Experience
Volume: 16
Issue number: 11
DOIs: 10.1002/cpe.807
State: Published - Sep 2004
Externally published: Yes

Keywords

  • Authorization infrastructure
  • Role administration
  • Role engineering
  • Role management
  • Role-based access control

ASJC Scopus subject areas

  • Computer Graphics and Computer-Aided Design
  • Software
  • Theoretical Computer Science
  • Computational Theory and Mathematics

Cite this

A role-based infrastructure management system : Design and implementation. / Shin, Dongwan; Ahn, Gail-Joon; Cho, Sangrae; Jin, Seunghun.

In: Concurrency Computation Practice and Experience, Vol. 16, No. 11, 09.2004, p. 1121-1141.

@article{599110040c35471b888cc4f7bfb5d502,
title = "A role-based infrastructure management system: Design and implementation",
abstract = "Over the last decade there has been a tremendous advance in the theory and practice of role-based access control (RBAC). One of the most significant aspects of RBAC can be viewed from its management of permissions on the basis of roles rather than individual users. Consequently, it reduces administrative costs and potential errors. The management of roles in various RBAC implementations, however, tends to be conducted on an ad hoc basis, closely coupled with a certain context of system environments. This paper discusses the development of a system whose purpose is to help manage a valid set of roles with assigned users and permissions for role-based authorization infrastructures. We have designed and implemented the system, called RolePartner. This system enables role administrators to build and configure various components of a RBAC model so as to embody organizational access control policies which can be separated from different enforcement mechanisms. Hence the system helps make it possible to lay a foundation for role-based authorization infrastructures. Three methodological constituents are introduced for our purposes, together with the design and implementation issues. The system has a role-centric view for easily managing constrained and hierarchical roles as well as assigned users and permissions. An LDAP-accessible directory service was used for a role database. We show that the system can be seamlessly integrated with an existing privilege-based authorization infrastructure.",
keywords = "Authorization infrastructure, Role administration, Role engineering, Role management, Role-based access control",
author = "Dongwan Shin and Gail-Joon Ahn and Sangrae Cho and Seunghun Jin",
year = "2004",
month = "9",
doi = "10.1002/cpe.807",
language = "English (US)",
volume = "16",
pages = "1121--1141",
journal = "Concurrency Computation Practice and Experience",
issn = "1532-0626",
publisher = "John Wiley and Sons Ltd",
number = "11",

}

TY - JOUR

T1 - A role-based infrastructure management system

T2 - Design and implementation

AU - Shin, Dongwan

AU - Ahn, Gail-Joon

AU - Cho, Sangrae

AU - Jin, Seunghun

PY - 2004/9

Y1 - 2004/9

N2 - Over the last decade there has been a tremendous advance in the theory and practice of role-based access control (RBAC). One of the most significant aspects of RBAC can be viewed from its management of permissions on the basis of roles rather than individual users. Consequently, it reduces administrative costs and potential errors. The management of roles in various RBAC implementations, however, tends to be conducted on an ad hoc basis, closely coupled with a certain context of system environments. This paper discusses the development of a system whose purpose is to help manage a valid set of roles with assigned users and permissions for role-based authorization infrastructures. We have designed and implemented the system, called RolePartner. This system enables role administrators to build and configure various components of a RBAC model so as to embody organizational access control policies which can be separated from different enforcement mechanisms. Hence the system helps make it possible to lay a foundation for role-based authorization infrastructures. Three methodological constituents are introduced for our purposes, together with the design and implementation issues. The system has a role-centric view for easily managing constrained and hierarchical roles as well as assigned users and permissions. An LDAP-accessible directory service was used for a role database. We show that the system can be seamlessly integrated with an existing privilege-based authorization infrastructure.

KW - Authorization infrastructure

KW - Role administration

KW - Role engineering

KW - Role management

KW - Role-based access control

UR - http://www.scopus.com/inward/record.url?scp=4344659701&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=4344659701&partnerID=8YFLogxK

U2 - 10.1002/cpe.807

DO - 10.1002/cpe.807

M3 - Article

VL - 16

SP - 1121

EP - 1141

JO - Concurrency Computation Practice and Experience

JF - Concurrency Computation Practice and Experience

SN - 1532-0626

IS - 11

ER -