RBAC Authorization Decision with DL Reasoning

From International Center for Computational Logic

Martin Knechtel, Jan Hladik
ICWI '08: Proceedings of the IADIS International Conference WWW/Internet, 169-176, 2008
  • Abstract
    Access control is crucial also for the Semantic Web. Technologies and Standards from the Semantic Web Community itself provide powerful means to model access control definitions and automatically reason about them. We extend Hierarchical Role Based Access Control by a class hierarchy of the accessed objects and give it the name RBAC-CH. We present a concept to implement this model in a DL knowledge base in the form of an OWL 1.1 ontology. The permissions are defined for user roles on object classes. The concrete permissions of users to objects are then automatically derived by a reasoning service. We present a straightforward ontology model and evaluate it in a running example with a state of the art reasoner. For the RBAC policy enforcement we need to run the reasoner only once and at runtime we only need to read out the inferred knowledge base to decide about authorization.
  • Research Group: Automata Theory
@inproceedings{ KnHl-ICWI-08,
  author = {Martin {Knechtel} and Jan {Hladik}},
  booktitle = {ICWI '08: Proceedings of the IADIS International Conference WWW/Internet},
  pages = {169--176},
  title = {{RBAC} Authorization Decision with {DL} Reasoning},
  year = {2008},
}