My slides from my talk at Code Generation 2014 in Cambridge, UK.
rbacDSL is a text-based DSL for writing, verifying and correcting RBAC authorisation policies. It produces standard XACML policies that can be used with any XACML evaluation engine.
rbacDSL - slides from Code Generation 2014
1. rbacDSL: a DSL for Role-Based Access Control
Lionel Montrieux <lionel.montrieux@open.ac.uk>
The Open University, Milton Keynes, UK
2. Outline
• Background and overview (15 min.)
• Building an authorisation policy - live demo (20 min.)
• Try to think of a good example
• Bonus points for funny ones
• Current research and future directions (10 min.)
9. How it started
• rbacUML and rbacDSML
• OCL constraints
• “model smells”
• fixing incorrect models
• Rational Software Architect 8.0, UML profiles
10. Scenarios?
• Granted: user should be able to perform a list of actions
• Forbidden: !Granted
• User-Role: role should be assigned to at least one user
• Object-Role: role should allow one to perform a list of actions on objects
• Object: at least one user should be able to perform an action on an object
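The five scenario kinds above, checked against a small RBAC policy. This is an added example, not code from the slides or from rbacDSL: the policy, the scenario labels and all function names are constructed, every assigned role is assumed to be active, and Forbidden is taken as the literal negation of Granted.

```python
# Constructed sample policy (not from the slides or from rbacDSL).
USER_ROLES = {"alice": {"doctor"}, "bob": {"nurse"}, "carol": set()}
ROLE_PERMS = {
    "doctor": {("read", "record"), ("write", "record")},
    "nurse": {("read", "record")},
    "auditor": {("read", "log")},  # no user is assigned this role
}

def can(user, action, obj):
    """True if any role assigned to the user permits (action, obj)."""
    return any((action, obj) in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))

def granted(user, actions):
    """Granted: the user can perform every action in the list."""
    return all(can(user, a, o) for a, o in actions)

def forbidden(user, actions):
    """Forbidden: literal negation of Granted, as on the slide."""
    return not granted(user, actions)

def user_role(role):
    """User-Role: the role is assigned to at least one user."""
    return any(role in roles for roles in USER_ROLES.values())

def object_role(role, actions):
    """Object-Role: the role alone permits every listed action."""
    return all(p in ROLE_PERMS.get(role, set()) for p in actions)

def object_scenario(action, obj):
    """Object: at least one user can perform the action on the object."""
    return any(can(user, action, obj) for user in USER_ROLES)

CHECKS = {"granted": granted, "forbidden": forbidden, "user-role": user_role,
          "object-role": object_role, "object": object_scenario}

# Constructed scenarios: (label, kind, arguments).
SCENARIOS = [
    ("doctor edits record", "granted", ("alice", [("write", "record")])),
    ("nurse cannot edit", "forbidden", ("bob", [("write", "record")])),
    ("auditor is staffed", "user-role", ("auditor",)),
    ("auditor reads log", "object-role", ("auditor", [("read", "log")])),
    ("someone reads log", "object", ("read", "log")),
]

def verify(scenarios):
    """Return the labels of scenarios the policy does not satisfy."""
    return [label for label, kind, args in scenarios if not CHECKS[kind](*args)]
```

Calling `verify(SCENARIOS)` reports the two scenarios that fail because the auditor role has permissions but no users, the kind of policy defect these scenarios are meant to surface.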
13. Current (and past) research
• Automated model fixing (the whole model) [Montrieux13]
• Adaptive access control - automated reaction to inside threats [Bailey14]
• Dynamic access control - in progress
14. Future directions
• Attributes and conditions support
• User-specific scenarios
• XACML PAP connectors, LDAP connectors
• Dynamic access control features
• Bidirectional graph transformations
15. Any questions? email me: lionel.montrieux@open.ac.uk
get the tool: https://github.com/lmcmontrieux/rbacDSL
16. References
• All publications I co-authored are available on http://oro.open.ac.uk/view/person/lm25566.html and http://oro.open.ac.uk/view/person/lmcm5.html
• [Sandhu00] Ravi S. Sandhu, David F. Ferraiolo, D. Richard Kuhn: The NIST model for role-based access control: towards a unified standard. ACM Workshop on Role-Based Access Control 2000:47-63
• XACML: eXtensible Access Control Modeling Language - OASIS - https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
• Image on slide 6 re-created from http://www.xacml.info
• Images on slides 4 and 15 by J. Hardaway