
BusiROLE: A Model for Integrating Business Roles into Identity Management

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5185))

Abstract

The complexity of modern organisations' IT landscapes has grown dramatically over the last decades. Many enterprises initiate role projects in order to reorganise their access structures based on an organisation-wide Identity Management Infrastructure (IdMI). This paper surveys role models and related literature and identifies different role properties. It shows that current role models are not suitable for use in IdMIs: by implementing one single type of role, they fail to take business requirements and different role perceptions into account. This paper improves the current situation by developing busiROLE, a role model that integrates various types of roles, fulfils business as well as IT requirements, and is hence usable in IdMIs.



Editor information

Editors: Steven Furnell, Sokratis K. Katsikas, Antonio Lioy

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fuchs, L., Preis, A. (2008). BusiROLE: A Model for Integrating Business Roles into Identity Management. In: Furnell, S., Katsikas, S.K., Lioy, A. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2008. Lecture Notes in Computer Science, vol 5185. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85735-8_13


  • DOI: https://doi.org/10.1007/978-3-540-85735-8_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85734-1

  • Online ISBN: 978-3-540-85735-8

  • eBook Packages: Computer Science (R0)