Supporting Role Based Provisioning with Rules Using OWL and F-Logic
The rule-based RBAC (RB-RBAC) model has been proposed to dynamically assign users to roles based on a set of rules. We identify
two problems with this model: a simplified rule language with limited expressiveness and the lack of rule reasoning capabilities.
In this paper we propose an expressive and extensible provisioning framework that overcomes these drawbacks. Our framework
supports complex user-role assignment rules and provides rule reasoning capabilities using OWL DL and F-Logic. Furthermore,
we show how our approach supports (i) weak and strong negation to enhance expressiveness and strictness, (ii) defining static
SoD constraints, and (iii) detecting conflicts. Finally, the paper describes a mechanism to deduce well-formed SPML requests
from rules to provision policy systems with entitlements.