A Model for Attribute Based Role-Role Assignment (ARRA)
This work addresses a specific problem in access control for system administrators, but it appears incremental as it builds on and unifies prior RRA models.
The paper tackles the problem of managing role-role assignments in access control systems by proposing an attribute-based model (ARRA) that unifies prior approaches, demonstrating its ability to express and unify existing RRA models.
Administrative Role Based Access Control (ARBAC) models specify how to manage user-role assignments (URA), permission-role assignments (PRA), and role-role assignments (RRA). Many approaches have been proposed in the literature for URA, PRA, and RRA. In this paper, we propose a model for attribute-based role-role assignment (ARRA), a novel way to unify prior RRA approaches. We leverage the idea that attributes of various RBAC entities such as admin users and regular roles can be used to administer RRA in a highly flexible manner. We demonstrate that ARRA can express and unify prior RRA models.