Lecture Notes in Computer Science, vol. 7322, pp. 113-127
Workshop in Information Security Theory and Practice, 6th edition, Egham, 20-22 June 2012
Role-Based Access Control (RBAC) has become the de facto standard for realizing authorization requirements in a wide range of organizations. Existing RBAC models suffer from two main shortcomings: the limited expressiveness of roles and permissions, and ambiguities in their hierarchies. The expressiveness of roles and permissions is limited because roles cannot express behaviour or state, while hierarchical RBAC cannot reflect real organizational hierarchies. In this paper, we propose a novel access control model, the Role-Oriented Access Control model (ROAC), which is based on the concepts of RBAC but inspired by the object-oriented paradigm. ROAC greatly enhances the expressiveness of roles and permissions by introducing parameters and methods as role members. The hierarchical ROAC model supports selective inheritance of permissions.
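To make the two ideas in the abstract concrete, here is an added illustration (not code from the paper, and not its formal model) of a role that carries parameters (state) and a method (behaviour), and of a child role that selectively inherits only some of its parent's permissions. The role names, permission strings, and the `department` parameter are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed illustration of ROAC-style roles. A role has parameters (state),
# a permission set, a method that consults that state, and a list of parents
# each paired with the subset of permissions it is allowed to inherit.
# All names and permission strings here are assumptions for the example.


@dataclass
class Role:
    name: str
    params: dict = field(default_factory=dict)       # role state, e.g. department
    permissions: set = field(default_factory=set)    # permissions granted directly
    parents: list = field(default_factory=list)      # [(parent Role, [names to inherit])]

    def effective_permissions(self) -> set:
        perms = set(self.permissions)
        for parent, inherited in self.parents:
            # Selective inheritance: take only the named subset of the parent's
            # effective permissions, not all of them as plain hierarchical RBAC would.
            perms |= parent.effective_permissions() & set(inherited)
        return perms

    def can(self, permission: str, **context) -> bool:
        """Method member: a behavioural check that depends on role state."""
        if permission not in self.effective_permissions():
            return False
        # State-dependent behaviour: a role scoped to a department only grants
        # access to resources tagged with that department.
        dept = self.params.get("department")
        return dept is None or context.get("department") == dept


def build_example_roles():
    """Constructed sample hierarchy: an auditor inherits read but not write."""
    clerk = Role("clerk", permissions={"read:record", "write:record"})
    auditor = Role(
        "auditor",
        params={"department": "finance"},
        permissions={"audit:log"},
        parents=[(clerk, ["read:record"])],   # write:record is deliberately not inherited
    )
    return clerk, auditor


if __name__ == "__main__":
    clerk, auditor = build_example_roles()
    print(sorted(auditor.effective_permissions()))
    print(auditor.can("read:record", department="finance"))
    print(auditor.can("write:record", department="finance"))
```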