Research Article

A role-based infrastructure management system: design and implementation

  1. Dongwan Shin1,*,
  2. Gail-Joon Ahn1,
  3. Sangrae Cho2,
  4. Seunghun Jin2

Article first published online: 6 AUG 2004

DOI: 10.1002/cpe.807

Issue

Concurrency and Computation: Practice and Experience

Concurrency and Computation: Practice and Experience

Special Issue: Computer Security

Volume 16, Issue 11, pages 1121–1141, September 2004

Additional Information

How to Cite

Shin, D., Ahn, G.-J., Cho, S. and Jin, S. (2004), A role-based infrastructure management system: design and implementation. Concurrency and Computation: Practice and Experience, 16: 1121–1141. doi: 10.1002/cpe.807

Author Information

  1. 1

    Department of Software and Information Systems, University of North Carolina at Charlotte, Charlotte, NC 28223, U.S.A.

  2. 2

    Department of Information Security System, Electronics and Telecommunications Research Institute, Taejon, 305-350, South Korea

*Department of Software and Information Systems, University of North Carolina at Charlotte, Charlotte, NC 28223, U.S.A.

Publication History

  1. Issue published online: 6 AUG 2004
  2. Article first published online: 6 AUG 2004
  3. Manuscript Revised:
  4. Manuscript Accepted:
  5. Manuscript Received:

Funded by

  • Electronics and Telecommunications Research Institute
  • National Science Foundation. Grant Number: IIS-0242393

SEARCH

SEARCH BY CITATION

ARTICLE TOOLS

Get PDF (621K)

Keywords:

  • role-based access control;
  • role management;
  • role engineering;
  • role administration;
  • authorization infrastructure

Abstract

Over the last decade there has been a tremendous advance in the theory and practice of role-based access control (RBAC). One of the most significant aspects of RBAC can be viewed from its management of permissions on the basis of roles rather than individual users. Consequently, it reduces administrative costs and potential errors. The management of roles in various RBAC implementations, however, tends to be conducted on an ad hoc basis, closely coupled with a certain context of system environments. This paper discusses the development of a system whose purpose is to help manage a valid set of roles with assigned users and permissions for role-based authorization infrastructures. We have designed and implemented the system, called RolePartner. This system enables role administrators to build and configure various components of a RBAC model so as to embody organizational access control policies which can be separated from different enforcement mechanisms. Hence the system helps make it possible to lay a foundation for role-based authorization infrastructures. Three methodological constituents are introduced for our purposes, together with the design and implementation issues. The system has a role-centric view for easily managing constrained and hierarchical roles as well as assigned users and permissions. An LDAP-accessible directory service was used for a role database. We show that the system can be seamlessly integrated with an existing privilege-based authorization infrastructure. Copyright © 2004 John Wiley & Sons, Ltd.

Get PDF (621K)