Based on organizational task decomposition, an extensive role‐based access control (ERBAC) model is proposed in this paper. In ERBAC, the abstract concept of “permission” in RBAC96 is substituted by a set of “tasks”, mutual exclusion of basic business actions and mutual exclusion of roles are presented, and separation of duty (SoD) policy is defined formally. Furthermore, a method of identifying mutual exclusion of roles is described, and static SoD and dynamic SoD algorithms are discussed. This paper is significant for modeling and implementing business‐oriented SoD policy for information systems.
Xing‐fen, W. and Yi‐jun, L. (2004), "Formal definition and implementation of business‐oriented SoD access control policy", Information Management & Computer Security, Vol. 12 No. 5, pp. 379-388. https://doi.org/10.1108/09685220410563351Download as .RIS
Emerald Group Publishing Limited
Copyright © 2004, Emerald Group Publishing Limited