Abstract
Role-based access control associates roles with privileges and users with roles. Changes to these associations are infrequent and explicit. This may not reflect business requirements. Access to an object should not only be based on the identity of the object and the user, but also on the actual task that must be performed, i.e. the context of the work to be done. Context-sensitive access control considers the actual task when deciding whether an access should be granted or not. Workflow technology provides an appropriate environment for establishing the context of work. This paper discusses the implementation of a context-sensitive access control mechanism within a workflow environment. Although the prototype represents scaled-down workflow functionality, it illustrates the concept of context-sensitive access control.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35515-3_53
Chapter PDF
Similar content being viewed by others
References
V.D. Gligor, S. I. Gavrila and D.Ferraiolo. On the Formal Definition of Separation of Duty Policies and their composition. Proc IEEE Symposium on Security and Privacy, May 1998.
D. Hollingsworth. The Workflow Reference Model. Document Number TC-00–1003. Issue 1. 1. 29 Nov 1994. http://www.wfinc.org
D.R. Kuhn. Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems. Proc 2nd ACM Workshop on Role-based Access Control, Fairfax, VA, Oct 1997.
R.S. Sandhu, E.J. Coyne, H.L.Fenstein and C.E. Youman. Role-based Access Control Models. IEEE Computer, 29(2), Feb 1996, 38–47.
R. Simon and M.E. Zurko. Separation of duty in Role-based Environments. Proc of 10th Computer Security Foundation Workshop, Rockport, Massachusetts, 10–12 Jun 1997.
R.K.Thomas and R.S. Sandhu. Task-based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management. Proc IFIP WG11.3 Workshop on Database Security, Lake Tahoe, California, 11–13 August 1997.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 IFIP International Federation for Information Processing
About this paper
Cite this paper
Cholewka, D.G., Botha, R.A., Eloff, J.H.P. (2000). A Context-sensitive Access Control Model and Prototype Implementation. In: Qing, S., Eloff, J.H.P. (eds) Information Security for Global Information Infrastructures. SEC 2000. IFIP — The International Federation for Information Processing, vol 47. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35515-3_35
Download citation
DOI: https://doi.org/10.1007/978-0-387-35515-3_35
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5479-7
Online ISBN: 978-0-387-35515-3
eBook Packages: Springer Book Archive