An RBAC Model-Based Approach to Specify the Access Policies of Web-Based Emergency Information Systems Articles uri icon

publication date

  • January 2009

start page

  • 272

end page

  • 283


  • 4


  • 11

International Standard Serial Number (ISSN)

  • 0218-7965


  • One of the main design challenges of any Web-based
    Emergency Management Information System (WEMIS) is the
    diversity of users and responsibilities to be considered. Modelling the
    access capabilities of different communities of users is a most relevant
    concern for which the RBAC (Role-Based Access Control) paradigm
    provides flexible and powerful constructs. In this paper we describe
    how we used an RBAC model-based approach to specify at different
    levels of abstraction the access policy of a specific WEMIS called
    ARCE ('AplicaciĆ³n en Red para Casos de Emergencia”). This
    approach made possible to face access modelling at earlier
    development stages, so that stakeholders got involved in analytical
    and empirical evaluations to test the correctness and completeness of
    the access policy. Moreover, since the RBAC meta-model is
    embedded into a web engineering method, we put in practice a
    holistic process addressing different design perspectives in an
    integrated way.


  • Information Science
  • Telecommunications


  • emergency management system; role based access control; web engineering; user-centred design