Graph-based access control (GBAC) is a rather new technique for granting users of information systems access rights to data objects like files or documents. It can also be used for the assignment of tasks in workflow environments. Organizations are modeled as a specific kind of semantic graph comprising the organizational structure, the roles and functions, and the agents. Compared to other approaches like RBAC or ABAC, the main difference is that in GBAC access rights are defined using an organization query language instead of total enumeration.
History
The foundations of GBAC go back to a research project named CoCoSOrg (Configurable Cooperation System) [1] (for an English-language description, see [2]), in which the organization graph and a formal language were used to specify agents and their access rights in a workflow environment. Within the project COrg the approach was extended by features like separation of duty, access control in virtual organizations [3] and subject-oriented access control [4].
Definition
Graph-based access control consists of two building blocks: a semantic graph modeling an organization, and a query language.
Data Object | Read | Write |
---|---|---|
Daily Financial Report | Manager(*).(Now() - Manager.HiringYear) > 0.5 OR Manager.ReadFinancialReport == TRUE | Manager(Controlling) or Clerk(Controlling).WriteFinancialReport==TRUE |
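The two building blocks and the table row above, sketched as an added example (written for this article, not code from CoCoSOrg, COrg or the cited papers). It assumes that attributes such as HiringYear sit on the agent-to-function assignment, that HiringYear and the current time are fractional years, and that the first expression means "managers of any unit with more than half a year of tenure or the ReadFinancialReport flag"; all agent names and values are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Assignment:
    """Edge of the organization graph: agent holds a function in an org unit."""
    agent: str
    function: str
    unit: str
    attrs: dict = field(default_factory=dict)

# Constructed sample organization (hypothetical names and values).
ORG = [
    Assignment("alice", "Manager", "Controlling", {"HiringYear": 2019.0}),
    Assignment("bob", "Manager", "Sales", {"HiringYear": 2024.8}),
    Assignment("carol", "Manager", "IT",
               {"HiringYear": 2024.9, "ReadFinancialReport": True}),
    Assignment("dave", "Clerk", "Controlling", {"WriteFinancialReport": True}),
    Assignment("erin", "Clerk", "Controlling"),
]

def resolve(org, function, unit="*", where=lambda attrs: True):
    """Agents holding `function` in `unit` ('*' = any unit) whose edge passes `where`."""
    return {e.agent for e in org
            if e.function == function and unit in ("*", e.unit) and where(e.attrs)}

def policy(org, now):
    """The table row as queries over the graph, not per-user lists."""
    def may_read(a):
        # A missing HiringYear counts as zero tenure, so the rule fails closed.
        tenure = now - a.get("HiringYear", now)
        return tenure > 0.5 or a.get("ReadFinancialReport") is True
    return {
        ("Daily Financial Report", "read"):
            lambda: resolve(org, "Manager", "*", may_read),
        ("Daily Financial Report", "write"):
            lambda: resolve(org, "Manager", "Controlling")
                    | resolve(org, "Clerk", "Controlling",
                              lambda a: a.get("WriteFinancialReport") is True),
    }

def is_allowed(org, agent, obj, right, now):
    """Default deny: no rule for (obj, right) means no access."""
    rule = policy(org, now).get((obj, right))
    return rule is not None and agent in rule()
```

Because the rule is evaluated against the graph at decision time, adding or removing an assignment edge changes who has access without touching the policy, which is the contrast with total enumeration drawn in the introduction.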
Relation to other Techniques
See also
References
- Schaller, Thomas (1998). Organisationsverwaltung in CSCW-Systemen. Bamberg: Bamberg University.
- Lawall, Schaller, Reichelt (2014). Enterprise Architecture: A Formalism for Modelling Organizational Structures in Information Systems. Thessaloniki: Enterprise and Organizational Modeling and Simulation: 10th International Workshop CAiSE2014.
- Lawall, Schaller, Reichelt (2014). "Restricted Relations between Organizations for Cross-Organizational Processes". IEEE 16th Conference on Business Informatics (CBI), Geneva: 74–80.
- Lawall, Schaller, Reichelt (2015). S-BPM in the Wild: Role and Rights Management (1 ed.). Berlin: Springer. pp. 171–186. ISBN 978-3-319-17541-6.