Privilege Algebra for Access Control in Digital Libraries

R.G. McFadyen, Y. Chen, and F.-Y. Chan (Canada)


Keywords: access control, credential, digital library, privilege, RBAC, XML


The Web has become an important source of information. XML has been proposed as a way to encode information organized in digital libraries. In some cases, access to information needs to be controlled to prevent unauthorized access or update. As the number of users of a digital library can be enormous, it has been proposed that credentials, rather than user identifiers, be used to control access. Determining the roles, for a user, is shown to be equivalent to performing a partial-match query on credentials. The roles, credentials, and privileges are modelled according to RBAC (role-based access control), and so given a user's roles, a number of privileges are determined. As privileges may be complex, and as many roles may be associated with any one user, privileges may appear to conflict. We propose in this paper a privilege algebra for evaluating privilege expressions. To simplify privilege expressions and to resolve conflicts that may arise, the privileges in a role/object matrix are algebraically combined.
