E.C. Cheng, An object-oriented organizational model to support dynamic role-based access control in electronic commerce, Decision Support Systems, 29(4), 2000, pp. 357-369
Role-based access control (RBAC) gives security management more flexibility than the traditional approach of using user and group identifiers. In RBAC, access privileges are granted to roles rather than to individual users; users acquire the corresponding permissions when they play different roles. Roles can be defined simply as labels, but such an approach lacks the support needed for users to change roles automatically under different contexts, and static role assignment also adds administrative overhead. In electronic commerce (E-Commerce) and other cooperative computing environments, access to shared resources has to be controlled in the context of the entire business process; it is therefore necessary to model dynamic roles as a function of resource attributes and contextual information.
In this paper, an object-oriented organizational model, Organization Modeling and Management (OMM), is presented as an underlying model to support dynamic role definition and role resolution in E-Commerce solutions. The paper describes the OMM reference model and shows how it can be applied flexibly to capture the different classes of resources within a corporation, and to maintain the complex and dynamic roles and relationships between the resource objects. Administrative tools use the role model in OMM to define security policies for role definition and role assignment. At runtime, the E-Commerce application and the underlying resource manager query the OMM system to resolve roles in order to authorize any access attempt. Contrary to traditional approaches, OMM separates the organization model from the applications; it thus allows independent and flexible role modeling that realistically supports the dynamic authorization requirements of a rapidly changing business world. (C) 2000 Elsevier Science B.V. All rights reserved.
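The abstract describes roles resolved at request time from resource attributes and context rather than assigned statically to users. The following is an added illustration of that idea in Python; it is not code from Cheng's paper or from the OMM system, and the subjects, resources, business-process steps, role rules and permission table are all hypothetical. It shows the same user resolving to different roles for the same resource depending on the process step, the channel and the resource's attributes, with authorization denied by default when no role resolves.

```python
"""Dynamic role resolution as a function of resource attributes and context.

Added example, not from Cheng (2000) or OMM. Roles are not static labels on a
user account: each role carries a predicate over (subject, resource, context),
and the set of roles a subject holds is recomputed for every access attempt.
Permissions are attached to roles, never to users directly.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Mapping


@dataclass(frozen=True)
class Subject:
    uid: str
    department: str
    reports: frozenset = frozenset()  # uids of people this subject manages (hypothetical attr)


@dataclass(frozen=True)
class Resource:
    rid: str
    kind: str                    # e.g. "order"
    attrs: Mapping[str, object]  # owner, department, amount, ... (hypothetical attrs)


@dataclass(frozen=True)
class Context:
    process_step: str  # hypothetical business-process step: "draft", "approval", ...
    channel: str       # hypothetical access channel: "internal" or "partner_portal"


RolePredicate = Callable[[Subject, Resource, Context], bool]

# Role definitions: a role is the predicate that resolves it, not a stored assignment.
ROLE_RULES: dict[str, RolePredicate] = {
    # The owner relationship comes from a resource attribute.
    "owner": lambda s, r, c: r.attrs.get("owner") == s.uid,
    # Approver exists only in the approval step, only for a direct report's order,
    # never for one's own order (separation of duties), and only below a limit.
    "approver": lambda s, r, c: (
        c.process_step == "approval"
        and r.attrs.get("owner") in s.reports
        and r.attrs.get("owner") != s.uid
        and isinstance(r.attrs.get("amount"), (int, float))
        and r.attrs["amount"] <= 10_000
    ),
    # Department-wide read access is restricted to the internal channel.
    "dept_viewer": lambda s, r, c: (
        c.channel == "internal" and r.attrs.get("department") == s.department
    ),
}

# Role -> permitted (resource kind, action) pairs. Users never appear here.
PERMISSIONS: dict[str, frozenset[tuple[str, str]]] = {
    "owner": frozenset({("order", "read"), ("order", "edit"), ("order", "submit")}),
    "approver": frozenset({("order", "read"), ("order", "approve")}),
    "dept_viewer": frozenset({("order", "read")}),
}


def resolve_roles(subject: Subject, resource: Resource, ctx: Context) -> frozenset[str]:
    """Resolve the roles a subject holds for this resource in this context."""
    return frozenset(
        name for name, predicate in ROLE_RULES.items() if predicate(subject, resource, ctx)
    )


def authorize(subject: Subject, action: str, resource: Resource, ctx: Context) -> bool:
    """Deny by default; grant if any resolved role carries (kind, action)."""
    needed = (resource.kind, action)
    return any(
        needed in PERMISSIONS.get(role, frozenset())
        for role in resolve_roles(subject, resource, ctx)
    )


# Constructed sample data (hypothetical organisation).
ALICE = Subject("alice", "sales")
BOB = Subject("bob", "sales", reports=frozenset({"alice"}))
CAROL = Subject("carol", "finance")
ORDER_SMALL = Resource("order-1", "order", {"owner": "alice", "department": "sales", "amount": 4200})
ORDER_LARGE = Resource("order-2", "order", {"owner": "alice", "department": "sales", "amount": 25000})

if __name__ == "__main__":
    for who, ctx in ((BOB, Context("approval", "internal")), (BOB, Context("draft", "internal"))):
        print(who.uid, ctx.process_step, sorted(resolve_roles(who, ORDER_SMALL, ctx)),
              "approve:", authorize(who, "approve", ORDER_SMALL, ctx))
```

Note that bob is never "assigned" the approver role: it exists for him only while the order is in the approval step, only for orders owned by his reports, and only below the amount limit. Moving the process to a different step or changing a resource attribute changes the resolved roles without any administrative action, which is the point the abstract makes against static role labels.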