%0 Journal Article
%T Separation of Duty and Context Constraints For Contextual Role-Based Access Control (C-RBAC)
%A Muhammad Nabeel Tahir
%J International Journal of Security
%D 2009
%I Computer Science Journals
%X This paper presents the separation of duty and context constraints of recently proposed Contextual Role-Based Access Control Model C-RBAC. Constraints in C-RBAC enabled the specification of a rich set of Separation of Duty (SoD) constraints over spatial purpose roles. In healthcare environment in which user roles are position and are purpose dependant, the notion of SoD is still meaningful and relevant to the concept of conflict of interest. SoD may be defined as Static Separation of Duty (SSoD) and Dynamic Separation of Duty (DSoD) depending on whether exclusive role constraints are evaluated against the user-role assignment set or against the set of roles activated in user¡¯s session. In particular, the model is capable of expressing a wider range of constraints on spatial domains, location hierarchy schemas, location hierarchy instances, spatial purposes and spatial purpose roles.
%K Separation of duty
%K Constraints
%K C-RBAC
%K Location Hierarchy Schemas
%U http://www.cscjournals.org/csc/manuscriptinfo.php?ManuscriptCode=68.69.78.40.44.47.103&JCode=IJS&EJCode=24.106&Volume=48.101&Issue=47.100#references