An Administrative Model for Relationship-Based Access Control
Scott D. Stoller

Relationship-based access control (ReBAC) originated in the context of social network systems and recently is being generalized to be suitable for general computing systems. This paper defines a relationship-based access control model, based on Crampton and Sellwood's RPPM model, designed to be suitable for general computing systems. Our ReBAC model includes a comprehensive administrative model. The administrative model is comprehensive in the sense that it allows and controls changes to all aspects of the ReBAC policy. To the best of our knowledge, it is the first comprehensive administrative model for a ReBAC model suitable for general computing systems. The model is illustrated with parts of a sample access control policy for electronic health records in a healthcare network.

PDF, BibTeX