Authentication and authorization: Domain specific Role Based Access Control using Ontology

Access control technologies are being used today in various organizations for assuring the secure and authorized access to the sensitive data or resources. Many technologies have emerged from the past like Discretionary Access Control (DAC) and Mandatory Access Control (MAC). But these technologies had restrictions associated with them to be used for all organizations in commercial arena. The Role Based Access Control (RBAC) has emerged some years back and has become the most widely used technology across organizations for controlling the access. The administration and management of privileges becomes easy as roles can be updated without updating the privileges for every user on an individual basis. In this paper we are implementing Role Based access Control (RBAC) for University domain using Ontology. Roles are implemented in the form of classes having permissions associated with them, in turn making the process of administration and management of access control easy. Two step accesses are provided, first is Authentication and second is Authorization.