An Administrative Model for Relationship-Based Access Control [chapter]

Scott D. Stoller
2015 Lecture Notes in Computer Science  
Relationship-based access control (ReBAC) originated in the context of social network systems and recently is being generalized to be suitable for general computing systems. This paper defines a ReBAC model, based on Crampton and Sellwood's RPPM model, designed to be suitable for general computing systems. Our ReBAC model includes a comprehensive administrative model. The administrative model is comprehensive in the sense that it allows and controls changes to all aspects of the ReBAC policy.
more » ... the best of our knowledge, it is the first comprehensive administrative model for a ReBAC model suitable for general computing systems. The model is illustrated with parts of a sample access control policy for electronic health records in a healthcare network.
doi:10.1007/978-3-319-20810-7_4 fatcat:fkzd32xqjbh5hhvcdy3twxo3me