Graph-based access control: Difference between revisions

The organization graph is divided into a type and an instance level. On the instance level there are node types for organization units, functional units and agents. The basic structure of an organization is defined using the so called ″structural relation″relations″. They definingdefine the ″is part of″- relations between functional units and organization unitunits as well as the mapping of agents to functional units. Additionally there are specific relationship types like ″deputyship″ or ″informs″″informed_by″. thatThese types can be extended by the usermodeler. All relationships can be context sensitive viathrough the usage of predicates defining constraints that have to be true in order for the arc to be valid.

The type level is used for the purpose of re-usage. It consists of organization unit types, functional unit types and the same relationship types as on the instance level. Types are typical organization structures that can be used to create new instances or reuse organization knowledge in case of exceptions (for further reading see <ref name=DISS/> <ref name=EOMAS />).