Representation and reasoning on RBAC: A description logic approach
Role-based access control (RBAC) is recognized as an excellent model for access control in large-scale networked applications. Formalizing RBAC in a logic makes it feasible to reason about a specified policy and verify its correctness. We propose a formalization of RBAC in the description logic language $\mathcal{ALCQ}$. We also show that the RBAC constraints can be captured by $\mathcal{ALCQ}$. Furthermore, we demonstrate how to make access control decisions, perform the RBAC functions, and check the consistency of RBAC via the description logic reasoner RACER. © Springer-Verlag Berlin Heidelberg 2005.