Last update: Sun Aug 5 02:03:07 MDT 2018
@Article{Han:2000:OOM,
author = "Yan Han and Liu Fengyu and Zhang Hong",
title = "An object-oriented model of access control based on
role",
journal = j-SIGSOFT,
volume = "25",
number = "2",
pages = "64--68",
month = mar,
year = "2000",
CODEN = "SFENDP",
DOI = "https://doi.org/10.1145/346057.346075",
ISSN = "0163-5948 (print), 1943-5843 (electronic)",
ISSN-L = "0163-5948",
bibdate = "Wed Aug 1 17:13:56 MDT 2018",
bibsource = "http://www.math.utah.edu/pub/tex/bib/sigsoft2000.bib",
abstract = "At present, majority access control models mainly deal
with data-protection at the back-end of applications.
However, they are not applicable for large and complex
multi-user applications. Though Object Technology has
turned into one of the mainstream approaches for large
and complex applications development, it still lacks a
general model of application-level access control.
While the existing models of role-based access control
could simplify privilege management, they neglect the
dynamic features of activated roles. This paper
proposes an object-oriented model in Unified Modeling
Language supporting application-level access control
based on users' roles. In the model, an interface type
is provided containing a set of operations as user
services, which are authorized to users via their
roles. To represent the activated roles, Role-Playing
is introduced, and it is modeled as an active class.
Every object of Role-Playing runs in particular
context, which restrict users' rights dynamically and
control users' interaction actively. The model is
suitable for multi-user interactive computing and
distributed information-processing systems.",
acknowledgement = ack-nhfb,
fjournal = "ACM SIGSOFT Software Engineering Notes",
journal-URL = "https://dl.acm.org/citation.cfm?id=J728",
}