Good corporate governance requires improving how employees' responsibilities are defined and enforced throughout a company's processes. In the field of information technology, one translation of this requirement is a strict alignment of the access control policy with the permissions employees need to fulfil the obligations linked to their responsibilities. Access control has been studied extensively over three decades, and Role Based Access Control (RBAC) has emerged as a reference model in that discipline. Although its advantages have been widely recognized, once the new governance constraints are taken into account, its mechanism for assigning permissions to users appears to be improvable. In this paper, we propose enhancements to RBAC that take the concept of responsibility into account, and explain how it can be modeled using the OWL Web Ontology Language.
| Title of host publication | Proceedings of the CAiSE 2010 Workshop Business/IT Alignment and Interoperability (BUSITAL2010) |
| Subtitle of host publication | Held in conjunction with CAiSE 2010 Conference |
| Editors | M Petit, G Gal, A Castiaux, J Ralyté, P Plebani |
| Number of pages | 15 |
| Publication status | Published - 2010 |
- Separation of Duty
- Access Control