XML-Based Policy Specification Framework for Spatiotemporal Access Control

摘要

Role based access control (RBAC) is an established paradigm in current enterprise resource protection environment. However, with the proliferation of mobile computing, it is being frequently observed that the RBAC access decision is directly influenced by the spatiotemporal context of both the subjects and the objects in the system. Currently, there exists few models which can handle spatiotemporal security policy on top of the classical RBAC. In this paper, an XML based policy specification framework is proposed for a spatiotemporal RBAC model. The framework is built on top of a spatiotemporal RBAC model known as ESTARBAC. It incorporates different constraints such as role hierarchy, separation of duty and cardinality, along with other constraints dependent on spatiotemporal conditions. The underlying model supports spatiotemporal role and permission extents. Use of such extents allows to specify a wide variety of spatiotemporal access control policies. The framework facilitates the administration task of a large organization by providing a convenient and efficient way of managing access control policies.