Integration of Access Control in Information Systems: From Role Engineering to Implementation

Abstract : Pervasive computing and proliferation of smart gadgets lead organizations to open their information systems, especially by extensive use of mobile technology: information systems must be available any-time, any-where, on any media. This cannot be done reasonably without thorough access control policies. Such access control must be able to deal with user profile, time and even with more complex contexts including geographical position. This paper shows that it is possible to take into account confidentiality constraints straight into the logical data model in a homogeneous way, for various aspects generally treated independently (user profile, time, geographical position, etc.). We propose a language called RAPOOL which allows the expression of authorizations at the class level. We first present the syntactical aspects, then the semantics of the language, based on the object-oriented paradigm.
Document type :
Journal articles
Complete list of metadatas

https://hal.archives-ouvertes.fr/hal-01581366
Contributor : Équipe Gestionnaire Des Publications Si Liris <>
Submitted on : Monday, September 4, 2017 - 3:16:19 PM
Last modification on : Tuesday, August 20, 2019 - 3:40:07 PM

Identifiers

  • HAL Id : hal-01581366, version 1

Citation

Romuald Thion, Stéphane Coulondre. Integration of Access Control in Information Systems: From Role Engineering to Implementation. Informatica, Slovene Society Informatika, Ljubljana, 2006, 1, 30, pp.87-95. ⟨hal-01581366⟩

Share

Metrics

Record views

94