Conflict Checking of Separation of Duty Constraints in RBAC -- Implementation Experiences

M. Strembeck (Austria)


Role-based Access Control, Separation of Duty


Separation of duty constraints define mutual exclusion relations between two entities (e.g. two permissions). Thus, a software component that supports the definition of separation of duty constraints implicitly requires a means to control their definition and to ensure the con sistency of the resulting runtime structures. In this pa per, we present our experiences with the implementation of conflict-checking methods for separation of duty con straints in the XORBAC access control service.

Important Links:

Go Back