Project-oriented environments are key to supporting the co-operative work essential to collaborative research activities. However, personnel and resources in project-oriented environments are typically diverse and heterogeneous as they come from both internal as well as external domains. Providing a robust data security system in such an environment becomes critical. The ideal access control architecture should manage access to resources not only based on roles but also based on the specific nature of each resource and its involvement within the project. Traditional role-based access control (RBAC) does not consider the context which often modifies the responsibility given to resources. We propose using an enhanced role-based access control (RBAC) mechanism to address this problem. Specifically, we discuss the implementation of RBAC using ontological methods borrowed from semantic web technology. We used an ontology-based approach for specification and implementation of the RBAC in a collaborative system used within a research group to manage proteomics data, where the access control policy depends on how the project team hierarchy is structured. We describe the design and implementation of this system in this paper. We also provide a preliminary evaluation of the implementation. We find there are several advantages to using ontological methods to implement RBAC. The most significant of these is standardization, which is essential for portability. Also key is modifiability as the actual roles are defined by the ontology itself. Since data access is provided through URI handling moving to a federated system is made easier. This becomes very important in collaborative environments as the data in question is invariably distributed.
展开▼
