Active Authorization Rules for Enforcing RBAC with Spatial Characteristics

The integration of the spatial dimension into RBAC-based models has been the hot topic as a consequence of the growing relevance of geo-spatial information in advanced GIS and mobile applications. Dynamically monitoring the state changes of an underlying system, detecting and reacting to changes without delay are crucial for the success of any access control enforcement mechanism. Thus, current systems or models should provide a flexible mechanism for enforcing RBAC with spatial characteristics in a seamless way, and adapt to policy or role structure changes in enterprises, which are indispensable to make RBAC with spatial characteristics usable in diverse domains. In this paper we will show how On-If-Then-Else authorization rules (or enhanced ECA rules) are used for enforcing RBAC with spatial characteristics in a seamless way. Large enterprises have hundreds of roles, which requires thousands of rules for providing access control, and generating these rules manually is error-prone and a cognitive-burden for non-computer specialists. Thus, in this paper, we will discuss briefly how these authorization rules can be automatically generated from high level specifications of enterprise access control policies.