A unifying role and organization based access control

Abstract

Nowadays, with the exception of very small companies, almost all companies and institutions are hierarchically structured in several sub-organizations (e.g. Governments, Universities, Companies Departments, etc). In this way, despite sharing a common organization, there are advantages that roles privileges can be distinguished according each sub-organization purpose and internal structure. In this context, this paper proposes an enhanced and more versatile access control model, based on the pair of entities role and organization, adding more flexibility to previous existent models (e.g. RBAC and ROBAC). As an illustrative application scenario, it was developed an application that uses the proposed access control model, providing a means of creating a unifying physical and logical access policy. This application is used to reconfigure some open-source applications and services regardless their own implemented access control models, thus maintaining a unique access control policy.