Constraint specification for object model of access control based on role

Abstract

Constraint specifications for access control organize a set of constraints to control human-computer interaction for users to perform their duties securely and efficiently. Constraint specifications are imperative for the access control and security management of large and complex multi-user interactive applications. Existing specifications of Role-based Access Control are incomplete and complicated. This paper proposes a framework of well-defined constraint specifications for developers to build application-level access control based on users' roles. They ensure that each role is configured with consistent privileges, each actor is authorized to proper roles and then each actor can activate and play his authorized roles without interest conflicts. These formal specifications are consistent and inferable, complete and simplified, abundant and scalable for diversified multi-user applications.