Secure role activation and authorization in the enterprise environment

Role Based Access Control (RBAC) [3] is a popular approach to specify and enforce security policies in organizations. In large enterprise systems, the number of users, roles and permissions can be in hundreds or thousands and the security management can be a tedious task. One way to simplify the security management in RBAC is to allow the specification and the enforcement of dynamic constraints to be decentralized [7]. In this paper, we discuss the issues for supporting secure role activation and authorization when the decentralized approach to role activation management is adopted. Secure protocols are proposed to handle the processes of role assignment, role activation and authorization. © Springer-Verlag Berlin Heidelberg 2005.link_to_subscribed_fulltex