On the Increasing Importance of Constraints

Abstract

In this paper, we examine how the addition of role-based access control (RBAC) model features affect the complexity of the RBAC constraint models. Constraints are used in RBAC models to constrain the assignment of permissions and principals to roles (among other things). Historically, it was assumed that the role assignments would change rather infrequently, so only a few constraints were necessary. Given new RBAC features, such as context-sensitive roles, the complexity of the restrictions that can be required is increasing because the role definitions may depend on application state. As application state changes, so do the role assignments. We examine the RBAC constraint problem using an example of a virtual university. We propose RBAC model features for simplifying the representation of constraints given our experience with this example.