|
With the latest trends in collaborative environments, such as Web 2.0 and cooperative
projects on grids, more and more resources are being shared by different
groups and organizations in order to support network configuration audit. Depending on several
factors such as the task, the participants, and data sensitivity, access to these
shared resources needs to be controlled and enforced by security policies. The
role-based access control (RBAC) model defines roles that have specific privileges
on resources and decouples the identity of the users from the resources [15].
In the RBAC model and its variations, constraints can be placed for example on
the associations of users with roles or of roles with permissions. When the number
of users is high in comparison with the number of roles [1, 2], an automated
way to grant permissions is desirable in order to eliminate the burden of manually
assigning roles to users. The RBAC model is particularly suited to dynamic
task-oriented environments due to its flexibility and policy-neutrality [14], which
enables it to express a large range of policies.
|
