An implementation architecture of the GTRBAC model

Generalized Temporal Role Based Access Control (GTRBAC) is an extension of the well known RBAC model that supports temporal constraints on access control policies. GTRBAC is an expressive but complex model supporting many types of temporal constraints. Presence of such many constraints poses a great challenge in implementing the GTRBAC model, making it difficult to be adopted in real organizations. In this paper, we present our novel architecture to implement the GTRBAC model. The central idea is to enforce all the different types of temporal constraints in a uniform way by generating a set of predefined system operations. In this way, our implemented GTRBAC system has the following features: (1) It can be implemented on top of any existing RBAC systems; (2) The conflicts among different types of constraints are resolved in a nature way by resolving the conflicts among those predefined system operations; (3) It is very convenient to add new types of constraints into our system. We believe our work is valuable to the organizations who are interested in the expressiveness of GTRBAC but worry about its deployment because of implementation complexity.