Revision as of 17:45, 14 August 2021 edit 197.211.7.86 (talk) No edit summary Tags: Reverted Visual edit Mobile edit Mobile web edit ← Previous edit		Revision as of 15:53, 8 October 2021 edit undo Serols (talk \| contribs) Extended confirmed users, Pending changes reviewers 482,778 edits m Reverted edits by 197.211.7.86 (talk) (HG) (3.4.10) Tag: Rollback Next edit →
Line 1: '''Graph-based access control''' ('''GBAC''') is a [[declarative programming\|declarative]] way to define [[access control\|access rights]], task assignments, recipients and content in information systems. The access rights are granted to objects like files or documents, but also business objects like an account. It can also be used for the assignment of agents to tasks in workflow environments. Organizations are modeled as a specific kind of semantic graph comprising the organizational units, the roles and functions as well as the human and automatic agents (i.a. persons, machines). Compared to other approaches like [[role-based access control]] or [[attribute-based access control]], the main difference is that in GBAC access rights are defined using an organizational query language instead of total enumeration. == History == The foundations of GBAC go back to a research project named CoCoSOrg (Configurable Cooperation System) [<ref name = DISS>{{cite book\|last1=Schaller\|first1=Thomas\|title=Organisationsverwaltung in CSCW-Systemen - Dissertation\|date=1998\|publisher=Bamberg University\|___location=Bamberg}}</ref>] (in English language please see <ref name = EOMAS>{{cite book\|last1=Lawall, Schaller, Reichelt\|title=Enterprise Architecture: A Formalism for Modelling Organizational Structures in Information Systems\|date=2014\|publisher=Enterprise and Organizatinal Modeling and Simulation: 10th International Workshop CAiSE2014\|___location=Thessaloniki}}</ref>) at Bamberg University. In CoCoSOrg an organization is represented as a semantic graph and a formal language is used to specify agents and their access rights in a workflow environment. Within the C-Org-Project at Hof University's Institute for Information Systems ([http://www.iisys.de/en/research/research-groups/information-management.html iisys]), the approach was extended by features like separation of duty, access control in virtual organizations <ref>{{cite journal\|last1=Lawall, Schaller, Reichelt\|title=Restricted Relations between Organizations for Cross-Organizational Processes\|journal=IEEE 16th Conference on Business Informatics (CBI),Geneva\|date=2014\|pages=74–80}}</ref> and subject-oriented access control.<ref>{{cite book\|last1=Lawall, Schaller, Reichelt\|title=S-BPM in the Wild: Role and Rights Management\|date=2015\|publisher=Springer\|___location=Berlin\|isbn=978-3-319-17541-6\|pages=171–186\|edition=1}}</ref>

Graph-based access control: Difference between revisions