Title: RBAC AUTHORIZATION DECISION WITH DL REASONING
Author(s): Martin Knechtel, Jan Hladik
ISBN: 978-972-8924-68-3
Editors: Pedro Isaías, Miguel Baptista Nunes and Dirk Ifenthaler
Year: 2008
Edition: Single
Keywords: RBAC, RBAC-CH, object class hierarchy, Description Logic, OWL 1.1, SROIQ
Type: Full Paper
First Page: 169
Last Page: 176
Language: English
Paper Abstract:
Access control is crucial also for the Semantic Web. Technologies and Standards from the Semantic Web Community
itself provide powerful means to model access control definitions and automatically reason about them. We extend
Hierarchical Role Based Access Control by a class hierarchy of the accessed objects and give it the name RBAC-CH. We
present a concept to implement this model in a DL knowledge base in the form of an OWL 1.1 ontology. The permissions
are defined for user roles on object classes. The concrete permissions of users to objects are then automatically derived by
a reasoning service. We present a straightforward ontology model and evaluate it in a running example with a state-of-the-art
reasoner. For the RBAC policy enforcement we need to run the reasoner only once and at runtime we only need to
read out the inferred knowledge base to decide about authorization.