Databases Reference
user playing that role is associated with. When accessing the system, each user
has to specify the role she wishes to play and, if she is authorized to play that
role, she can exploit the corresponding privileges. The access control policy is
then defined in two steps: first, the administrator defines roles
and the privileges related to each of them; second, each user is assigned
the set of roles she can play. Roles can be hierarchically organized to exploit
the propagation of access control privileges along the hierarchy.
A user may be allowed to simultaneously play more than one role, and
several users may simultaneously play the same role, although the security
administrator may impose restrictions on their number.
It is important to note that roles and groups of users are two different
concepts. A group is a named collection of users and possibly other groups,
whereas a role is a named collection of privileges and possibly other roles.
Furthermore, while roles can be activated and deactivated directly by users at
their discretion, membership in a group cannot be deactivated.
The main advantage of RBAC, with respect to DAC and MAC, is that
it is better suited to commercial environments. In a company, what matters
for a person's access to the system is not her identity but her
responsibilities. Also, the role-based policy tries to organize privileges by mapping
the organization's structure onto the role hierarchy used for access control.
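The two-step policy definition, role hierarchy, role activation and administrator-imposed limit described above, as an added Python example (not code from the original text). The role, user and privilege names are constructed, and the direction of propagation (a role gains the privileges of the roles it contains) is an assumption.

```python
class RBAC:
    def __init__(self):
        self.direct = {}    # role -> privileges assigned directly to the role
        self.includes = {}  # role -> other roles it contains (the hierarchy)
        self.limit = {}     # role -> max simultaneous users, None = unlimited
        self.allowed = {}   # user -> roles the user is authorized to play
        self.active = {}    # user -> activated roles (only these grant access)

    def define_role(self, role, privileges, includes=(), limit=None):
        # Step 1: the administrator defines a role and its privileges.
        self.direct[role], self.includes[role] = set(privileges), set(includes)
        self.limit[role] = limit

    def assign(self, user, role):  # Step 2: the user is assigned a role she can play.
        self.allowed.setdefault(user, set()).add(role)

    def privileges(self, role):
        # Direct privileges plus those propagated from contained roles.
        seen, stack, privs = set(), [role], set()
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                privs |= self.direct.get(r, set())
                stack.extend(self.includes.get(r, ()))
        return privs

    def activate(self, user, role):
        if role not in self.allowed.get(user, set()):
            raise PermissionError(f"{user} may not play {role}")
        others = sum(role in rs for u, rs in self.active.items() if u != user)
        if self.limit.get(role) is not None and others >= self.limit[role]:
            raise PermissionError(f"{role} is at its limit of active users")
        self.active.setdefault(user, set()).add(role)

    def deactivate(self, user, role):
        self.active.get(user, set()).discard(role)

    def check(self, user, privilege):
        return any(privilege in self.privileges(r) for r in self.active.get(user, ()))

def demo_policy():
    # Constructed sample policy; role, user and privilege names are hypothetical.
    p = RBAC()
    p.define_role("clerk", {"read_orders"})
    p.define_role("manager", {"approve_orders"}, includes={"clerk"}, limit=1)
    for user, role in [("alice", "manager"), ("alice", "clerk"), ("bob", "manager")]:
        p.assign(user, role)
    return p
```

A user holds no privileges until she activates a role, and deactivating the role removes them again without changing her role assignment.
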
3 Credential-Based Access Control
In an open and dynamic scenario, parties may be unknown to each other and
the traditional separation between authentication and access control cannot
be applied anymore. Each such party can also play the role of both client, when
requesting access to a resource, and server, for the resources it makes available
to other users in the system. Advanced access control solutions should then
make it possible to decide, on the one hand, which requester (client) is to be
granted access to the resource and, on the other hand, which server is qualified to provide
the same resource. Trust management has been developed as a solution for
supporting access control in open environments [19]. The first approaches
proposing a trust management solution for access control are PolicyMaker [20]
and KeyNote [21]. The key idea of these proposals is to bind public keys to
authorizations and to use credentials to describe specific delegations of trust
among keys. The great disadvantage of these early solutions is that they assign
authorizations directly to users' keys. The authorization specification is then
difficult to manage and, moreover, the public key of a user may act as a
pseudonym for her, thus reducing the advantages of trust management,
where the identity of the users should not be considered.
The problem of assigning authorizations directly to keys has been solved
by the introduction of digital certificates. A digital certificate is the on-line
counterpart of paper credentials (e.g., a driver licence). A digital certificate is
a statement, certified by a trusted entity (the certificate authority), declaring