Integration of Access Control in Information Systems: From Role Engineering to Implementation

Pervasive computing and proliferation of smart gadgets make organizations open their information systems, especially by extensive use of mobile technology: information system must be available any-time, any-where. This cannot be performed reasonably without thorough access control policies. Such an access control must be able to deal with user’s profile, time and eventually with other complex contexts like geographical position. This paper shows that it is possible to take into account confidentiality constraints straight into the logical data model in a homogeneous way, for various aspects treated independently (user profile, time, geographical position, etc.). We propose a language called LORAAM which includes a way to express authorizations at the class level. We first present the syntactical aspects, then the semantics of such a language, based on the object-oriented paradigm.