Proposed NIST Standard for Role-Based Access Control, 2001
Cited by 300 (7 self)
Abstract: this article we propose a standard for role-based access control (RBAC). Although RBAC models have received broad support as a generalized approach to access control, and are well recognized for their many advantages in performing large-scale authorization management, no single authoritative definition of RBAC exists today. This lack of a widely accepted model results in uncertainty and confusion about RBAC's utility and meaning. The standard proposed here seeks to resolve this situation by unifying ideas from a base of frequently referenced RBAC models, commercial products, and research prototypes. It is intended to serve as a foundation for product development, evaluation, and procurement specification. Although RBAC continues to evolve as users, researchers, and vendors gain experience with its application, we feel the features and components proposed in this standard represent a fundamental and stable set of mechanisms that may be enhanced by developers in further meeting the needs of their customers. As such, this document does not attempt to standardize RBAC features beyond those that have achieved acceptance in the commercial marketplace and research community, but instead focuses on defining a fundamental and stable set of RBAC components. This standard is organized into the RBAC Reference Model and the RBAC System and Administrative Functional Specification. The reference model defines the scope of features that comprise the standard and provides a consistent vocabulary in support of the specification. The RBAC System and Administrative Functional Specification defines functional requirements for administrative operations and queries for the creation, maintenance, and review of RBAC sets and relations, as well as for specifying system level functionality in sup...
Research commentary: workflow management issues in e-business, Information Systems Research, 2002
Cited by 16 (0 self)
Abstract: Trends towards increased business process automation, e-commerce, and e-business have led to increasing interest in the field of workflow management. In this paper, we provide a perspective on the state of research in workflow management systems, and discuss possible future research directions in this area, with a particular emphasis on workflow systems in integrating interorganizational processes and enabling e-commerce solutions.
Dynamic work distribution in workflow management systems: How to balance quality and performance, Journal of Management Information Systems
Cited by 15 (2 self)
Abstract: Today's workflow management systems offer work items to workers using rather primitive mechanisms. While most workflow systems support a role-based distribution of work, they have problems dealing with unavailability of workers as a result of vacation or illness, overloading, context dependent suitability, deadlines, and delegation. As a result, the work is offered to too few, too many, or even the wrong set of workers. Current practice is to offer a work item to one person, thus causing problems when the person is not present or too busy, or to offer it to a set of people sharing a given role, thus not incorporating the qualifications and preferences of people. Literature on work distribution is typically driven by considerations related to authorizations and permissions. However, workflow processes are operational processes where there is a highly dynamic trade-off between security and performance. For example, an approaching deadline and an overloaded specialist may be the trigger to offer work items to lesser-qualified workers. This paper addresses this problem by proposing a systematic approach to dynamically create a balance between quality and performance issues in workflow systems. We illustrate and evaluate the proposed approach with a realistic example and also compare how a workflow system would implement this scenario to highlight the shortcomings of current, state of the art workflow systems. Finally, a detailed simulation model is used to validate our approach.
Specifying and Managing Role-Based Access Control within a Corporate Intranet, 1997
Cited by 11 (0 self)
Abstract: In order for intranets to reach their full potential, access control and authorization management mechanisms must be in place that can regulate user access to information in a manner that is consistent with the current set of laws, regulations, and practices that face businesses today. The purpose of RBAC on the Web would be to provide this access control service, thereby enabling the use of the Web for new and more sophisticated applications -- to allow access to information and other resources that would otherwise not be possible given the existing lack of operational assurance. This paper describes an approach at providing these assurances through the use of RBAC for networked Web servers. 1 Introduction One of the greatest obstacles in the growth of intranets as a means of enterprise computing is the inability to effectively manage authorization data. Today, authorization management is costly and prone to error. Web Server administrators usually control user access to enterprise ...
Foundations for an Access Control Model for Privacy Preservation in Multi-Relational Association Rule Mining, Workshop on Privacy, Security and Data Mining, at the ICDM 02, Conferences in Research and Practice in Information Technology, 14, 2002
Cited by 6 (0 self)
Abstract: Recent data mining algorithms have been designed for application domains that involve several types of objects stored in multiple relations in relational databases. This fact has motivated the increasing number of successful applications of relational data mining over recent years. On the other hand, such applications have introduced a new threat to privacy and information security since from non-sensitive data one is able to infer sensitive information, including personal information, facts or even patterns that are not supposed to be disclosed. The existing access control models adopted to successfully manage the access of information in complex systems present some limitations in the context of data mining tasks. The main reason is that such models were designed to protect the access to explicit data (e.g. tables, attributes, views, etc.), whereas data mining tasks deal with the discovery of implicit data (e.g. patterns). In this paper, we take a first step toward an access control model for ensuring privacy in relational data mining, notably in multi-relational association rules (MRAR). In this model, users associated with different mining access levels, even using the same algorithm, are allowed to mine different sets of association rules. We provide the groundwork to build our access control model over existing technologies and discuss some directions for future work.
EFSOC: A Layered Framework for Developing Secure Interactions between Web-Services, 2005
Cited by 5 (3 self)
Abstract: Enterprises are rapidly extending their relatively stable and internally-oriented business processes and applications with loosely-coupled enterprise software services in order to support highly dynamic, cross-organizational business processes. These services are no longer solely based on internal enterprise systems, but often implemented, deployed and executed by diverse, external service providers. The ability to dynamically configure cross-organizational business processes with a mixture of internal and external services imposes new security requirements on existing security models. In this paper, we address the problem of defining and enforcing access control rules for securing service invocations in the context of a business process. For this purpose, we amortize existing role-based access control models that allow for dynamic delegation and retraction of authorizations. Authorizations are assigned on an event-driven basis, implementing a push-based interaction protocol between services. This novel security model is entitled the Event-driven Framework for Service Oriented Computing (EFSOC). In addition, this article presents an experimental prototype that is explored using a realistic case study.
Information Flow Control using Versions in Object-Oriented Systems, 2001
Abstract: One of the main features of information flow control is to ensure the enforcement of privacy, secrecy, and confidentiality. However, most information flow models that have been proposed are too restrictive, overprotected, and inflexible. This paper presents an approach to control flow information in object-oriented systems using versions, thus allowing considerable flexibility without compromising system security by disclosing and leaking sensitive information. Models based on message filtering intercept every message exchanged among objects to control the flow of information. Versions are proposed to provide flexibility and avoid unnecessary and undesirable blocking of messages during the filtering process. Two options of operations are supported by versions -- cloning reply and non-cloning reply. Furthermore, we present an algorithm enforcing the message filtering through these operations.
Confusa: A Cross Federated Personal Certificate Portal
Abstract: We are steadily progressing towards a world where a digital identity is required to gain entrance to a wide variety of services. From access to supercomputers and computational grids to web-services or asserting the authorship of an email, the need for secure digital identities is only growing. The process for obtaining these digital tokens must be simple yet secure for all parties involved, and it must extend to virtually all types of applications. One well tested technology, X.509 certificates, can work with most of these platforms, and the existing Identity Federations can be used to initially assert a user's identity. By using these two together, we have built a service where a user can use the local authentication credentials combination to gain world-wide recognized X.509 credentials in a matter of minutes.