An RBAC Model-Based Approach to Specify the Access Policies of Web-Based Emergency Information Systems Articles

authors

published in

International Journal of Intelligent Control and Systems Journal

publication date

January 2009

start page

272

end page

283

issue

4

volume

11

International Standard Serial Number (ISSN)

0218-7965

abstract

One of the main design challenges of any Web-based
Emergency Management Information System (WEMIS) is the
diversity of users and responsibilities to be considered. Modelling the
access capabilities of different communities of users is a most relevant
concern for which the RBAC (Role-Based Access Control) paradigm
provides flexible and powerful constructs. In this paper we describe
how we used an RBAC model-based approach to specify at different
levels of abstraction the access policy of a specific WEMIS called
ARCE ('Aplicación en Red para Casos de Emergencia”). This
approach made possible to face access modelling at earlier
development stages, so that stakeholders got involved in analytical
and empirical evaluations to test the correctness and completeness of
the access policy. Moreover, since the RBAC meta-model is
embedded into a web engineering method, we put in practice a
holistic process addressing different design perspectives in an
integrated way.

subjects

Information Science
Telecommunications

keywords

emergency management system; role based access control; web engineering; user-centred design