Our society is constantly moving towards richer forms of information
exchange where wired and wireless devices interact, and an
increasingly mobile work-force needs to be able to access corporate
information while at work, from home, and on the road. This tendency
has prompted the academic community to study the security problems
arising from such inter-operations. This exchange of information is
regulated by security policies describing who can access the
information in question.
The particular system for controlling access to protected resources
that will be extended in this research is known as Role-Based
Access Control. In RBAC, a given user is
assigned a collection of roles (e.g.~employee, faculty, student,
etc.). In turn, each role is assigned a collection of access
privileges. A user gains access to a resource by activating a role
which has the necessary privileges.
Mobility adds a new dimension to RBAC, since the services available to
a given user also depend on the location of the user,
agreements between parties, and the technology
underlying the connection.