A role-based administration model for attributes

Abstract

Attribute based access control (ABAC) provides flexibility and scalability for securely managing access to resources, particularly in distributed environments. In ABAC, access requests are authorized through policies evaluated with respect to attributes of various entities such as users, subjects, objects, context, etc. Administration of user attributes is one of the major issues in ABAC. However, there has been little research in this area. This paper proposes a framework to administer user attributes using role based access control (RBAC). Our motivation is that RBAC has demonstrated advantages in ease of administration and is widely deployed in the industry. Thus, an appealing possibility is to use RBAC to manage user attributes. In this paper we propose a generalized version of the user role assignment model in the ARBAC97 administrative role based access control model. The generalized version treats role as just one possible attribute of the user. The paper explores the model's advantages and limitations and provides guidance for future development of more comprehensive user attribute administrative models.