[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: attribute/role mapping
Dear AllRegarding the Entitlement Ontology diagram (https://www.oasis-open.org/apps/org/workgroup/cloudauthz/download.php/47813/entitlement.ontology.png) I raised the issue of attribute or role mapping between the organisational role that a user possesses and the business process role that is needed to participate in the workflow.
Either the entitlement should contain the workflow role and the mapping be done by the entitlement provider, or the entitlement contains the organisational role and the mapping is done by the resource provider. In our own research we are currently adding the latter approach to OpenStack.
There are a number of published papers that talk about this, e.g.M. Coetzee and J.H.P. Eloff. Virtual Enterprise Access Control Requirements. In Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology (SAICSIT), volume 47, pages 285–294. ACM Press, 2003.
B. S. Firozabadi, O. Olsson, and E. Rissanen. Managing Authorisations in Dynamic Coalitions. Technical report, Swedish Institute of Computer Science, 2003.
M. H. Kang, J. S. Park, and J. N. Froscher. Access Control Mechanisms for Inter-Organizational Workflow. In Proceedings of the sixth ACM symposium on Access control models and technologies, pages 66–74, Chantilly, Virginia, USA, May 2001. ACM Press.
J. S. Park, K. P. Costello, T. M. Neven, and J. A. Diosomito. A Composite RBAC Approach for Large, Complex Organizations. In Proceedings of the ninth ACM symposium on Access control models and technologies, pages 163–172, Yorktown Heights, New York, USA, June 02-04 2004. ACM Press.
regards David
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]