Fig. 3. Hierarchies for (a) collaboration environment roles PO 1 and (b) sample contexts PO 2
[Figure not reproduced. Node labels: TI 1, TO 1, TI 2, TO 2, TM 1, TM 2, B, Cert, Pw]
authorized for the corresponding operation on a specific object, the requested operation
is refused. Before modeling context-dependent access control for collaboration
environments using the RBAC approach, we introduce a role hierarchy for a typical
collaboration environment that will be used throughout the whole paper. For this,
Sect. 4.1 introduces a sample role hierarchy for a collaboration environment. After that,
we give a second hierarchy representing the security levels of identification mechanisms
in Sect. 4.2. Here, we consider the supported identification mechanisms as a context
parameter. This is just one example of a context; one may think of others, e.g., the
communication protocol used (http or https). For this hierarchy, we use the term
context hierarchy.
4.1 Hierarchy for Collaboration Environments
Collaboration environments usually offer different types of user permissions. In Sect. 2,
we have already given an overview of possible roles that users can be assigned to.
Here, we will provide a role hierarchy containing all the roles of our sample scenario.
Additionally, we will outline sample permissions of these roles.
Our scenario consists of two different projects. There are three roles within a project:
team member, team initiator and team operator. Additionally, we have a base role which
is relevant for users that are currently not active in any project.
Role TM 1 (Team Member of Project T1): This role is for normal project members in
project T1. The users assigned to this role may access resources for regular team work.
Role TI 1 (Team Initiator of Project T1): This role is assigned to the initiator of
project T1. The project initiator is allowed to invite new team members to the project.
He is also allowed to change the project description and to delete the project.
Role TO 1 (Team Operator of Project T1): This role is assigned to users that are
responsible for administrative tasks within a project. The team operator may select the
tools and resources that may be used in project T1.
Roles TM 2 (Team Member of Project T2), TI 2 (Team Initiator of Project T2) and TO 2
(Team Operator of Project T2) are defined analogously to the roles of project T1.
Role B (Base Role): This role contains all minimal permissions assigned to all users of
the collaboration environment. It is also assigned to users that are currently not active
in specific projects.
Figure 4.1 depicts the partial order of the roles introduced above. Role B is the most
junior role. The left subtree shows all roles of project T1; the right subtree contains all
roles of project T2. Within a project there are two most senior roles, the Team Initiator
and the Team Operator.
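The role hierarchy of Sect. 4.1 as a partial order with permission inheritance and a default-deny check, given here as an added example that is not part of the original paper. Role names follow the text; the permission strings and the placement of the team member role directly between B and the initiator/operator roles are assumptions, since the figure is not reproduced.

```python
# Added example. Role names follow the text (TM1 = "TM 1", etc.). ASSUMPTIONS:
# the permission strings, and TM sitting directly between B and TI/TO.
JUNIORS = {  # role -> immediate junior roles (edges of the partial order)
    "B": [],
    "TM1": ["B"], "TI1": ["TM1"], "TO1": ["TM1"],
    "TM2": ["B"], "TI2": ["TM2"], "TO2": ["TM2"],
}
DIRECT_PERMS = {  # permissions assigned directly to a role (hypothetical names)
    "B": {"env:login"},
    "TM1": {"T1:use_resources"},
    "TI1": {"T1:invite_member", "T1:edit_description", "T1:delete_project"},
    "TO1": {"T1:select_tools"},
    "TM2": {"T2:use_resources"},
    "TI2": {"T2:invite_member", "T2:edit_description", "T2:delete_project"},
    "TO2": {"T2:select_tools"},
}

def juniors_of(role):
    """Return the role plus every role junior to it (reflexive-transitive closure)."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(JUNIORS.get(r, ()))  # unknown roles have no juniors
    return seen

def is_senior(a, b):
    """True if a >= b in the partial order (a inherits everything b has)."""
    return b in juniors_of(a)

def effective_perms(role):
    """Direct permissions of the role plus those inherited from its juniors."""
    return set().union(*(DIRECT_PERMS.get(r, set()) for r in juniors_of(role)))

def check_access(assigned_roles, permission):
    """Default deny: the operation is refused unless an assigned role grants it."""
    return any(permission in effective_perms(r) for r in assigned_roles)

if __name__ == "__main__":
    for role in ("B", "TM1", "TI1", "TO1"):
        print(role, sorted(effective_perms(role)))
    print("TI1 vs TO1 comparable:", is_senior("TI1", "TO1") or is_senior("TO1", "TI1"))
    print("TO1 may delete T1:", check_access(["TO1"], "T1:delete_project"))
    print("TI1 may use T2 resources:", check_access(["TI1"], "T2:use_resources"))
```

Because TI 1 and TO 1 are incomparable, neither inherits the other's permissions, and no role in project T1 grants anything in project T2.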