RABAC: Role-Centric Attribute-Based Access Control

  • Jin X
  • Sandhu R
  • Krishnan R


Role-based access control (RBAC) is a commercially dominant model, standardized by the National Institute of Standards and Technology (NIST). Although RBAC provides compelling benefits for security management it has several known deficiencies such as role explosion, wherein multiple closely related roles are required (e.g., attending-doctor role is separately defined for each patient). Numerous extensions to RBAC have been proposed to overcome these shortcomings. Recently NIST announced an initiative to unify and standardize these extensions by integrating roles with attributes, and identified three approaches: use attributes to dynamically assign users to roles, treat roles as just another attribute, and constrain the permissions of a role via attributes. The first two approaches have been previously studied. This paper presents a formal model for the third approach for the first time in the literature. We propose the novel role-centric attribute-based access control (RABAC) model which extends the NIST RBAC model with permission filtering policies. Unlike prior proposals addressing the role-explosion problem, RABAC does not fundamentally modify the role concept and integrates seamlessly with the NIST RBAC model. We also define an XACML profile for RABAC based on the existing XACML profile for RBAC.




Jin, X., Sandhu, R., & Krishnan, R. (2012). RABAC: Role-Centric Attribute-Based Access Control (pp. 84–96). https://doi.org/10.1007/978-3-642-33704-8_8
