DynRBAC - Dynamic Role Based Access Control
This page is also available in Hungarian.
What is DynRBAC for?
Role Based Access Control (RBAC) is the de facto industry standard for access rights management, that is, for specifying who can perform which operation on which protected resource. In many cases the access control decision can be made based solely on these three parameters. However, special policy requirements (business logic related or security constraints) demand the inclusion of contextual parameters in the authorization decision process.
Responding to these special requirements, software vendors have implemented extensions to the RBAC policy model that allow the definition of more flexible policies and access control rules based on runtime conditions. However, while enabling more flexible authorization, these extensions have caused a slight divergence between the operation of the security software solutions and the behavior of the RBAC model instance serving as the policy specification. The fact that the actual solution and its model do not show the same behavior places a burden on model-based validation of the security policies.
DynRBAC is an access control model that extends Role Based Access Control with the ability to include contextual parameters in the authorization process. It enhances the access control decision with the option of evaluating guards. (A guard is a logical expression referencing contextual data to indicate a condition that will allow access to be granted.) With these enhancements, proprietary access control extensions can be represented and validated in a unified, vendor-independent manner on the level of modeling.
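The guard idea described above, as an added illustration in Python; it is not DynRBAC's own notation or code. The roles, resources, context keys (amount, hour) and the check_access function are hypothetical, and the choice to deny when a guard cannot be evaluated is an assumption of this sketch.

```python
from dataclasses import dataclass
from typing import Callable, Mapping, Optional

Context = Mapping[str, object]
Guard = Callable[[Context], bool]

@dataclass(frozen=True)
class Permission:
    operation: str
    resource: str
    guard: Optional[Guard] = None  # None means a plain RBAC permission

# Constructed sample policy: hypothetical users, roles and context keys.
USER_ROLES = {"alice": {"teller"}, "bob": {"auditor"}}
ROLE_PERMISSIONS = {
    "teller": [
        Permission("read", "account"),
        # Guarded permission: granted only while the runtime condition holds.
        Permission("transfer", "account",
                   guard=lambda ctx: ctx["amount"] <= 10_000
                   and 8 <= ctx["hour"] < 18),
    ],
    "auditor": [Permission("read", "account")],
}

def check_access(user: str, operation: str, resource: str,
                 context: Context) -> bool:
    """RBAC lookup (who, operation, resource) plus guard evaluation."""
    for role in USER_ROLES.get(user, ()):
        for perm in ROLE_PERMISSIONS.get(role, ()):
            if (perm.operation, perm.resource) != (operation, resource):
                continue
            if perm.guard is None:
                return True  # classic RBAC: the three parameters suffice
            try:
                if perm.guard(context) is True:
                    return True
            except (KeyError, TypeError):
                # Missing or malformed context data: treat the guard as
                # unsatisfied instead of granting access (fail closed).
                continue
    return False  # deny by default

if __name__ == "__main__":
    print(check_access("alice", "transfer", "account",
                       {"amount": 500, "hour": 10}))   # True
    print(check_access("alice", "transfer", "account",
                       {"amount": 500}))               # False: no "hour"
```

Because the guard is part of the permission itself, the same policy object can be both enforced and checked against a model, which is the property the text attributes to representing guards at the modeling level.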
Related resources
- Tibor Bősze: High performance dynamic authorization service for mission critical enterprise environments, 2006
- Péter Kovacsics: Modelling and simulation of a dynamic access control service, 2008 (in Hungarian)