are situations where different identification mechanisms can be reasonable in order to
access collaboration environments from different locations, e.g., identification via an
asymmetric key pair / certificate from the user's own computer and identification via
passwords from a public computer. Of course, the user's permissions should also depend
on the strength of identification. Thus, in the case of multiple supported identification
mechanisms, the mechanism applied can be an important parameter to be respected as a
context in the access control decision. In the following, when we use the term certificate
we always assume X.509 certificates due to their wide deployment.
In general, there are several paradigms for the realization of access control. The idea
of role-based access control (RBAC) has been extensively discussed in the past years
and is considered to be highly attractive, e.g., see [7,8]. Recently, RBAC was proposed
for access control in the web environment [9,10].
In this work, we propose the consideration of multiple identification mechanisms
for controlling access in web-based collaboration environments. We demonstrate the
realization of access control in collaboration environments using RBAC concepts. We
present a new and efficient approach for the generation of complex and context-dependent
role hierarchies. Here, the context-dependent role hierarchies are produced by applying
special arithmetic operations over partially ordered sets, i.e., the direct product, to the role
hierarchy and a hierarchy which is built over identification mechanisms. Furthermore,
we show how roles are activated in web-based collaboration scenarios.
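
The direct-product construction described above, as an added example (not code from the paper or the UNITE project). The role names, the mechanism ordering, the permission assignments and the rule that an activated pair inherits the permissions of every pair it dominates are constructed assumptions.

```python
from itertools import product

def closure(elements, covers):
    """Reflexive-transitive closure of a covering relation, as (low, high) pairs."""
    leq = {(e, e) for e in elements} | set(covers)
    changed = True
    while changed:
        changed = False
        for (a, b), (c, d) in product(tuple(leq), repeat=2):
            if b == c and (a, d) not in leq:
                leq.add((a, d))
                changed = True
    return leq

# Constructed hierarchies: names and orderings are assumptions for illustration.
ROLES = ["guest", "member", "manager"]
ROLE_LEQ = closure(ROLES, [("guest", "member"), ("member", "manager")])
MECHS = ["password", "certificate"]  # ordered by assumed identification strength
MECH_LEQ = closure(MECHS, [("password", "certificate")])

def product_leq(x, y):
    """Direct-product order: (r1, m1) <= (r2, m2) iff r1 <= r2 and m1 <= m2."""
    return (x[0], y[0]) in ROLE_LEQ and (x[1], y[1]) in MECH_LEQ

# Constructed permission assignment on context-dependent roles (role, mechanism).
PERMS = {
    ("guest", "password"): {"read_calendar"},
    ("member", "password"): {"read_documents"},
    ("member", "certificate"): {"write_documents"},
    ("manager", "certificate"): {"manage_team"},
}

def effective_permissions(role, mechanism):
    """Permissions of every product role dominated by the activated pair."""
    if role not in ROLES or mechanism not in MECHS:
        return set()  # unknown role or mechanism: deny by default
    active = (role, mechanism)
    return {p for junior, perms in PERMS.items()
            if product_leq(junior, active) for p in perms}

def check_access(role, mechanism, permission):
    return permission in effective_permissions(role, mechanism)

if __name__ == "__main__":
    for ctx in product(ROLES, MECHS):
        print(ctx, sorted(effective_permissions(*ctx)))
```

In this product order the pairs (manager, password) and (member, certificate) are incomparable, so a manager identified only by password does not receive the permissions reserved for certificate-based identification.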
2 Collaboration Environments and UNITE
Work environments have changed. There is an upward trend toward teamwork, mobile workers
traveling among different companies' premises, and non-territorial work environments.
Mobile workers need to access documents and resources, for example. Modern web-based
collaboration environments allow users to access all required resources from a
web-based user interface [2,1]. Today's collaboration environments usually provide an
integrated user interface to all kinds of features that support teams during their work.
These may comprise address book, calendar, e-mail, document repository, fax, messaging,
video conferencing, voice-over-IP, text chat, whiteboard, application sharing, and
support for team awareness.
In the EU-IST project UNITE (Ubiquitous and Integrated Teamwork Environment) 1
Fraunhofer SIT has developed an advanced web-based collaborative team work environment
together with international partners. The objective of the UNITE project is to
support globally dispersed team work in information technology by providing a
collaboration platform with virtual project offices where members of project teams can
meet to exchange documents or launch collaboration and communication tools, regardless
of where they are physically located, by utilizing a Java-enabled web browser [11]. In
UNITE, users are dynamically assigned to teams, where teams represent the different
work contexts. Each user can work in just one work context at a time; this is
exactly the way one usually works in the real world. Users can switch the work context
by leaving the current team and entering a new team. All tools, services and resources are
1 The UNITE project is funded by the EU under the Information Society Technologies (IST)
Programme, Project-No. IST-2000-25436. Project Homepage: http://www.unite-project.org.