¹ China Institute of Electronic Equipment System Engineering, Beijing 100141, China
² State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093, China
³ Bao-sheng Kou and Kun Zhang Chinese troop of 61046, Beijing 100097, China

---

Abstract—Nowadays the significance of the access control technology in service oriented network is increasingly highlighted. The RBAC access control model has a variety of advantages such as easy management and high efficiency. With the expansion of the network scale, a network must be divided into autonomous multi-domains for convenient management. However, there is still a lack of studies on the domain based RBAC model as the barrier of applying the RBAC to multi-domain environment, and the corresponding supporting implementation technologies for the domain based RBAC are also in weak. In this paper, we proposed a model of domain based RBAC (D-RBAC) to better adapt to the security requirements of the multi-domain environment. We firstly introduced the domain concept and model and then gave a formal description to the proposed D-RBAC model. Secondly, we designed feasible implementation architecture for the D-RBAC model and based on this architecture we proposed two supporting technologies. The fuzzy role mapping method according to user’s attributes has strong description abilities for role assignment and the convenience of realization. The dynamic collaboration domain construction framework can greatly improve the efficiency of inter-domain access control. The proposed DRBAC model and the related supporting technologies can obviously facilitate the application of RBAC in multidomain environment

Index Terms—domain based, RBAC, implementation architecture, role mapping, dynamic collaboration

[PDF]

Cite: Zan Yang, Lin Yang, Xiang-yang Luo, Lin-ru Ma, Bao-sheng Kou, and Kun Zhang, " Model of Domain based RBAC and Supporting Technologies," Journal of Computers vol. 8, no. 5, pp. 1220-1229, 2013.