Chadwick et al., 2002 - Google Patents
RBAC policies in XML for X. 509 based privilege managementChadwick et al., 2002
View PDF- Document ID
- 4925431314751458476
- Author
- Chadwick D
- Otenko A
- Publication year
- Publication venue
- Security in the Information Society: Visions and Perspectives
External Links
Snippet
This paper describes a role based access control policy template for use by privilege management infrastructures where the roles are stored as X. 509 Attribute Certificates in an LDAP directory. There is a brief description of the X. 509 privilege management model, and …
- 239000003999 initiator 0 description 6
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2137—Time limited access, e.g. to a computer or data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation, e.g. computer aided management of electronic mail or groupware; Time management, e.g. calendars, reminders, meetings or time accounting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management, e.g. organising, planning, scheduling or allocating time, human or machine resources; Enterprise planning; Organisational models
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
- H04L63/104—Grouping of entities
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Chadwick et al. | RBAC policies in XML for X. 509 based privilege management | |
| Chadwick et al. | The PERMIS X. 509 role based privilege management infrastructure | |
| Ferraiolo et al. | Extensible access control markup language (XACML) and next generation access control (NGAC) | |
| Zhang et al. | A role-based delegation framework for healthcare information systems | |
| Chadwick et al. | Role-based access control with X. 509 attribute certificates | |
| US6044466A (en) | Flexible and dynamic derivation of permissions | |
| Karjoth | Access control with IBM Tivoli access manager | |
| US6772157B2 (en) | Delegated administration of information in a database directory | |
| US8056114B2 (en) | Implementing access control policies across dissimilar access control platforms | |
| US20090205018A1 (en) | Method and system for the specification and enforcement of arbitrary attribute-based access control policies | |
| US20060089932A1 (en) | Role-based access control system, method and computer program product | |
| Priebe et al. | Supporting attribute-based access control in authentication and authorization infrastructures with ontologies | |
| US20030163438A1 (en) | Delegated administration of information in a database directory using at least one arbitrary group of users | |
| US20040073668A1 (en) | Policy delegation for access control | |
| US6898595B2 (en) | Searching and matching a set of query strings used for accessing information in a database directory | |
| JP2004523826A (en) | Delegated management of database directory information using attribute permission | |
| Vavadharajan et al. | Authorization in enterprise-wide distributed system: a practical design and application | |
| Ahn et al. | Authorization management for role-based collaboration | |
| Bacon et al. | Access control and trust in the use of widely distributed services | |
| Ferraiolo et al. | On the unification of access control and data services | |
| Nazareth et al. | Using spki/sdsi for distributed maintenance of attribute release policies in shibboleth | |
| Bouwman et al. | Rights management for role-based access control | |
| Chadwick et al. | Implementing Role Based Access Controls using X. 509 Privilege Management-the PERMIS Authorisation Infrastructure | |
| Sabahein et al. | Incorporating delegation into ABAC: Healthcare information system use case | |
| JP4723930B2 (en) | Compound access authorization method and apparatus |