A dynamic access control model

摘要

The proposed dynamic access control model is based on description logic (DL) augmented with a default (δ) and an exception (ε) operator to capture context features. Currently, this model has an expressivity almost comparable to OrBAC system (OrBAC (Organization Based Access Control) has been formalized in first order logic), all features needed for real attribution of authorization, i.e., assigning authorization to a user according to its role in an organization in a given context. A notable difference of our model is the allowing of composed context, the addition of new context and the deduction of new authorization depending on context.