xoRBAC - Brief Description:
xoRBAC is an open source software component that
provides a policy monitor (in particular: a policy decision
point with an integrated policy repository) for Role-Based
Access Control (RBAC) policies. xoRBAC is implemented in Extended Object Tcl
(XOTcl) and can be integrated with applications providing C or Tcl
The above figure depicts the conceptual structure of the xoRBAC component. Permissions, roles, and subjects are the basic elements of xoRBAC. The Subject Management subcomponent provides means to manage subjects, that is, the entities that may actively initiate an operation. xoRBAC comprises static and dynamic constraint management as individual subsystems. The Static Constraint Management of xoRBAC is based on permissions and roles and enables the definition of static mutual exclusion (SME) constraints and cardinalities. The Dynamic Constraint Management allows for the definition of context conditions and context constraints.
The Role Hierarchy Management uses the static constraint management component to prevent the creation of role hierarchies that are disallowed by the SME constraints or cardinalities within the system. The Access Control Policy Management additionally includes the decision component and the Assignment Unit for permission/role and user/role assignment and activation. The Decision Component contains the Environment Mapping, which captures context information via sensors, and the Constraint Evaluation, which checks if the collected values match the context constraints associated with a certain conditional permission.
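The interplay described above (SME constraints vetting both role-hierarchy changes and role assignments, and the decision component evaluating context constraints against sensor values) can be sketched as follows. This is an added illustration in Python, not xoRBAC code or its API; `MiniPDP`, `PolicyError`, `closure` and all method names are hypothetical, and cardinalities are left out.

```python
# Added illustration: hypothetical names, not the xoRBAC API.
class PolicyError(Exception):
    """Raised when a change would violate a static mutual exclusion (SME)."""

def closure(juniors, roles):
    """The given roles plus every junior role they inherit, transitively."""
    seen, todo = set(), list(roles)
    while todo:
        r = todo.pop()
        if r not in seen:
            seen.add(r)
            todo.extend(juniors.get(r, ()))
    return seen

class MiniPDP:
    def __init__(self, sme, perms, sensors):
        self.sme = sme          # set of frozenset({role_a, role_b})
        self.perms = perms      # role -> {permission: context constraint}
        self.sensors = sensors  # context attribute -> callable reading it
        self.juniors = {}       # role -> set of direct junior roles
        self.assigned = {}      # subject -> set of directly assigned roles

    def _commit(self, juniors, assigned, action):
        """Validate a candidate state against every SME pair, then adopt it."""
        groups = [{r} for r in juniors] + list(assigned.values())
        for roles in groups:
            for pair in self.sme:
                if pair <= closure(juniors, roles):
                    raise PolicyError(f"{action} violates SME {sorted(pair)}")
        self.juniors, self.assigned = juniors, assigned

    def add_junior(self, senior, junior):
        edges = self.juniors.get(senior, set()) | {junior}
        self._commit({**self.juniors, senior: edges}, self.assigned,
                     f"{senior} inherits {junior}")

    def assign(self, subject, role):
        roles = self.assigned.get(subject, set()) | {role}
        self._commit(self.juniors, {**self.assigned, subject: roles},
                     f"assigning {role} to {subject}")

    def check(self, subject, permission):
        ctx = {name: read() for name, read in self.sensors.items()}
        for r in closure(self.juniors, self.assigned.get(subject, ())):
            constraint = self.perms.get(r, {}).get(permission)
            if constraint is not None and constraint(ctx):
                return True
        return False
```

A policy with `sme={frozenset({"cashier", "auditor"})}` rejects both a `manager` role that inherits the two roles and a subject that would hold them through inheritance, leaving the previous state in place. A permission whose constraint is `lambda c: 9 <= c["hour"] < 17` is granted or denied depending on what the `hour` sensor returns at decision time.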
xoRBAC Main Features (in Version 0.7.0):
xoRBAC API Reference, version 0.7.0, July 2009 (ps, pdf)
Related Papers and Articles:
(author names on publications before June 2004 appear in alphabetical order)
Copyright policy: The papers obtained from this Web site are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.