Next: Domain and Type Enforcement Up: Role Based Access Control Previous: Model Description

Comparison to RC Model

Like the RBAC model, RC defines subjects as processes, the active entities within a system, which work on behalf of users, have a current role and perform accesses to objects. However, in the RC model each process has exactly one active role at a time, which avoids RBAC's complex scheme of dynamic mutual exclusion between roles. The price is that in some cases several roles with overlapping rights have to be defined.

The RBAC notion of a user's set of authorized roles corresponds in RC to the set of compatible roles reachable from the user's default role. Unlike RBAC, a role change need not be reversible: after changing into a role there may be no compatibility leading back to the original role. This effectively prevents an uncontrolled flow of information through process memory, where a process switches to a more privileged role, reads data, and then switches back to its original role carrying that data with it.

The RC model can even simulate the transaction concept of the first RBAC version through program-based roles and separate types for the program files: transaction authorization is mapped to the EXECUTE right on the program's object type, while the operations a transaction may perform are assigned as compatibilities to the role the program runs under.
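As an added illustration of the two points above (one-way role compatibilities and program-based roles), the following Python sketch is not RSBAC code and not part of the original page. All role, type and right names are invented, the rights are reduced to READ, WRITE and EXECUTE, and keying the forced role on the program's type rather than on the program file is a simplification made here. It shows a process that switches into a more privileged role, reads a secret, and then can neither return to its original role nor write the secret to a public object, and a transaction that is only possible through the program-based role.

```python
"""Toy model of RC role changes and program-based roles (illustration only)."""
from collections import deque

READ, WRITE, EXECUTE = "READ", "WRITE", "EXECUTE"


class Policy:
    def __init__(self):
        self.compatible = {}    # role -> set of roles it may change into (one-way)
        self.rights = {}        # role -> {object type -> set of rights}
        self.program_role = {}  # program type -> role forced on EXECUTE (assumed here)

    def add_role(self, role, compatible=(), rights=None):
        self.compatible[role] = set(compatible)
        self.rights[role] = {t: set(r) for t, r in (rights or {}).items()}

    def allowed(self, role, obj_type, right):
        return right in self.rights[role].get(obj_type, set())

    def reachable(self, start):
        """All roles a process in `start` can ever get into by role changes."""
        seen, queue = {start}, deque([start])
        while queue:
            for nxt in self.compatible[queue.popleft()]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        return seen


class Process:
    def __init__(self, role):
        self.role = role    # exactly one current role, as in RC
        self.memory = []    # data the process has read, to follow possible flows


def change_role(policy, proc, new_role):
    # A role change needs a direct compatibility from the current role.
    if new_role not in policy.compatible[proc.role]:
        raise PermissionError(f"{proc.role} -> {new_role} not compatible")
    proc.role = new_role


def read(policy, proc, obj_type, data):
    if not policy.allowed(proc.role, obj_type, READ):
        raise PermissionError(f"{proc.role}: no READ on {obj_type}")
    proc.memory.append(data)


def write(policy, proc, obj_type):
    if not policy.allowed(proc.role, obj_type, WRITE):
        raise PermissionError(f"{proc.role}: no WRITE on {obj_type}")
    return list(proc.memory)  # what would leave process memory here


def execute(policy, proc, program_type):
    # Transaction authorization = EXECUTE right on the program's type ...
    if not policy.allowed(proc.role, program_type, EXECUTE):
        raise PermissionError(f"{proc.role}: no EXECUTE on {program_type}")
    # ... and the program's assigned role carries the transaction's rights.
    proc.role = policy.program_role.get(program_type, proc.role)


def build_policy():
    """Constructed sample policy; names are made up for the illustration."""
    p = Policy()
    p.add_role("user", compatible={"secret_reader"},
               rights={"public_t": {READ, WRITE}, "payroll_prog_t": {EXECUTE}})
    p.add_role("secret_reader", rights={"secret_t": {READ}})   # no way back to user
    p.add_role("payroll", rights={"payroll_data_t": {WRITE}})  # program-based role
    p.program_role["payroll_prog_t"] = "payroll"
    return p


def leak_attempt(policy):
    """Switch up, read a secret, try to come back and write it to a public object."""
    proc = Process("user")
    change_role(policy, proc, "secret_reader")
    read(policy, proc, "secret_t", "top secret")
    try:
        change_role(policy, proc, "user")   # denied: compatibility is one-way
    except PermissionError:
        pass
    try:
        write(policy, proc, "public_t")     # denied: secret_reader has no WRITE here
    except PermissionError:
        return "blocked"
    return "leaked"


def transaction(policy):
    """Payroll data is writable only through the program-based role."""
    proc = Process("user")
    direct = policy.allowed(proc.role, "payroll_data_t", WRITE)
    execute(policy, proc, "payroll_prog_t")
    return direct, proc.role, policy.allowed(proc.role, "payroll_data_t", WRITE)


if __name__ == "__main__":
    pol = build_policy()
    print(sorted(pol.reachable("user")), leak_attempt(pol), transaction(pol))
```

`reachable` computes the RC counterpart of RBAC's authorized role set by following compatibilities from the default role; because `secret_reader` has no compatibility back to `user`, the set reachable from `secret_reader` does not contain `user`, which is exactly what closes the memory-based flow.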

The RBAC model has no equivalent for RC's type abstraction, program-based roles or separation of administration duty, and RC's time limits can only be approximated in RBAC through dynamic mutual exclusion.

The only RBAC feature RC lacks is role capacities (an upper bound on the number of members a role may have), which were not considered useful.


Amon Ott