Fuzzy role-based access control

RBAC (Role-Based Access Control) is a widely used access control model, which reduces the maintenance cost of classical identity-based access control. However, despite the benefits of RBAC, there are environments in which RBAC can hardly be applied. We present FRBAC (Fuzzy Role-Based Access Control), a generalization of RBAC through fuzzy relations that extends the applicability of RBAC to environments where authorization-related information is vague. Moreover, FRBAC deals with environments where the actions that can be executed over the resources have a fractional meaning, as data lying in databases and risk-based access control

APPROXIMATING SAML USING SIMILARITY BASED IMPRECISION

Abstract With the increasing complexity of networked systems has come the trade-off of security versus functionality; a strictly secured system is often an unusable system. As a consequence, users often entirely bypass security in order to get their job done. We consider how similarity techniques that are used by casebased reasoning systems can be used to provide a degree of control over how strictly/precisely security is enforced. The flexibility to be able to meaningfully control how strictly security is enforced is especially relevant in the emerging Web Services architectures, where a wide variety of different users and heterogeneous systems use a common framework to interoperate with a wide variety of different resources and services. The paper proposes similarity-based imprecision security (SBIS) for the Security Assertion Markup Language (SAML) as an approach to managing security in a web-services environment. Keywords: Imprecise security, SAML, Case-Based Reasoning, access control. 1