ReBAC2015: Interoperability of Relationship- and Role-Based Access Control

Date
2015-09-16
Abstract
Relationship-Based Access Control (ReBAC) is a general-purpose access control paradigm for application domains in which authorization must take into account the relationship between the access requestor and the resource owner. This thesis presents an evolution of Fong's ReBAC model in two steps. First, I formalize and extend the first-time implementation of ReBAC into a production-scale medical records system, OpenMRS. This extension incorporates sophisticated authorization schemes recently proposed in the literature, as well as a performance evaluation of these schemes. Second, the model is further extended to incorporate the notion of demarcations and authorization-time constraints. These extensions allow ReBAC to interoperate with legacy Role-Based Access Control at a fine-grained level, and significantly increase the expressiveness of the model. Also presented are the design of two authorization procedures (one of which has an algorithmic structure akin to an SMT solver) along with optimization techniques.
Keywords
Computer Science
Citation
Rizvi, S. Z. (2015). ReBAC2015: Interoperability of Relationship- and Role-Based Access Control (Master's thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca. doi:10.11575/PRISM/27553