ADM-RBAC Extension


ADM-RBAC provides an extension to ADM that allows access control to be modelled.
Security Aspects

  • Role-based access control

    Description: Specification of access control rules based on subjects (roles/teams), objects (node, content) and access category (browsing, personalizing, editing, no access).
    Specification elements: subject, object, function, operation, access category
    Threats: Information Disclosure, Tampering with Data

Specification Elements

  • subject

    Two kinds of subjects are considered: roles and teams. A role is an organizational position or job function that appears in the domain.
    Applies to: Entity

  • object

    Objects are components of the web system affected by the access policy.
    Applies to: Entity

  • function

    A function is an operation or service that belongs to the domain of application.
    Applies to: State

  • operation

    Operations are manipulation abilities (browse, personalize and edit) on objects.
    Applies to: Activity

  • access category

    The access category embodies the kinds of operations that can be performed on the objects.
    Applies to: State