A Classification Framework Designed for Advanced Role-based Access Control Models and Mechanisms

2009 
Since its emergence in the early 1990s, role-based access control (RBAC) has steadily gained popularity. Its flexibility has led to a multitude of proposed access control models and mechanisms based on the role paradigm. They adapt RBAC to the needs of specific settings, for example by providing support for delegation of rights in workflow environments [6]. The goal of this paper is to develop a holistic classification framework for such models and mechanisms. First, the framework makes it possible to compare different models and mechanisms. Second, once the existing models and mechanisms are classified, the requirements of a specific setting can be mapped onto a model or mechanism from the perspective of the classification. This is particularly helpful for security officers of organizations who need to evaluate different models and mechanisms. Finally, the framework assists designers of access control models by giving them a structured view of the properties such models can have. We apply the framework to BEA WebLogic Server [10], Adage [71], and X-GTRBAC [17].