Recent developments in attribute-based access control have fueled the conventional debate regarding the pros and cons of attributes-based access control (ABAC) versus Role-based access control (RBAC). However, existing arguments have been primarily focused on the complexity analysis of the two models instead of their comprehensive need analysis. On the contrary, the success and evolution of RBAC as a de-facto access control model is based on the thorough need analysis of using roles as a primary decision factor for controlling access. Analogously, we need to consider the application areas for comparing the use of role-based and attribute-based approach. In this regard, our work aims to bridge the gap between the RBAC and the ABAC proponents by convincing the RBAC supporters of the effectiveness of ABAC. We identify various inherent traits of RBAC which have eventually become its limitations in addressing future access control needs for providing flexible, fine-grained, multifactor, and anonymous authorization in dynamically changing and context sensitive environments. These limitations are usually addressed either through extended RBAC models or ABAC model. We analyze the two approaches with respect to their effectiveness in overcoming the identified limitations and draw the conclusion that the attribute-centric approach is the ultimate future of access control. Copyright (C) 2016 John Wiley & Sons, Ltd.
Permission management is an important part of an information system and cannot be ignored. In traditional information systems, permission management is coupled to the business logic, which makes it difficult to adapt to changes in demand. To address the coupling between access control and rights management on the one hand and application business logic on the other, this work builds on role-based access control and attribute-based access control methods and proposes a rights management middleware architecture, a permissions model, an application interface (API), and deployment models. Application validation results show that the approach initially solves the decoupling of permission management from business logic, achieves function-level and data-level rights management, and improves reusability and the efficiency of software development.