Functionality and implementation issues for complex authorisation models

Jim Longstaff, M. Lockyer, A. Howitt

    Research output: Contribution to journalArticlepeer-review

    3 Citations (Scopus)


    The concepts and benefits of Role-Based Access Control (RBAC) are first reviewed. As an example of enhanced authorisation functionality, the Tees Confidentiality Model (TCM), which is an authorisation model suitable for complex web applications in addition to computer systems administration is then presented. The TCM is based on a range of permission types, called Confidentiality Permission Types, which are processed in a defined order. Confidentiality permissions may have negative values (i.e. they may deny access), and may be overridden by authorised users in carefully specified ways. An arbitrary number of Authorisation Classifiers for users and protected objects may be specified. Confidentiality Permission Types are defined in terms of classifiers. A single concept of Collection is used for structuring classifier values, including roles, although the RBAC general and limited role hierarchies can be used if desired. Confidentiality permissions specify inheritance within collections, thereby providing a mechanism for confidentiality permission assignment. A demanding scenario from electronic health records is used to illustrate the power of the model.

    Original languageEnglish
    Pages (from-to)7-15
    Number of pages9
    JournalIEE Proceedings: Software
    Issue number1
    Publication statusPublished - 1 Feb 2006


    Dive into the research topics of 'Functionality and implementation issues for complex authorisation models'. Together they form a unique fingerprint.

    Cite this