Governmental and business organizations use the standard authorization model─ Role-based access control (RBAC) ─ to specify and administer access policies for electronic resources. In RBAC-based applications, access is granted or denied based on users' credentials. However, the RBAC model lacks features that allow applications to determine access based on time and location, spatio-temporal information. This access requirement is important for a growing number of mobile applications. Researchers

more »

... have proposed new access control models to accommodate organizations' reliance on mobile applications. The General Spatio-temporal Role-Based Access Control model (GSTRBAC) is a model that incorporates time and location constraints as additional factors to grant access to resources. This paper presents the results of our undergraduate research project on creating a relational database that provides a way to store and retrieve GSTRBAC policy information. Further, the paper describes a web application that security analysts can use to administer GSTRBAC policies.