Ontology-Based RBAC Specification for Interoperation in Distributed Environment

摘要

Today, the formulation, specification, and verification of adequate data protection policies in open distributed environment appear as the main challenge to address concerning authorization. Role-based access control models have attracted considerable research interest in recent years due to their innate ability to model organizational structure and their potential to reduce administrative overheads. This paper proposes ontology specification to describe Role-based Access Control model and extend it with a general context expression. Based on these definitions, the specification for interoperation in distributed environment is introduced. The works include a definition of ontology to describe the concepts and a declaration of rules to explicit the relationship between concepts. The ontology based approach can express security policy with semantic information and provide a machine interpretation for descriptions of policy in open distributed environment.