{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T23:13:29Z","timestamp":1776122009623,"version":"3.50.1"},"reference-count":17,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2005,11,1]],"date-time":"2005-11-01T00:00:00Z","timestamp":1130803200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2005,11]]},"abstract":"<jats:p>The modern enterprise spans several functional units or administrative domains with diverse authorization requirements. Access control policies in an enterprise environment typically express these requirements as authorization constraints. While desirable for access control, constraints can lead to conflicts in the overall policy in a multidomain environment. The administration problem for enterprise-wide access control, therefore, not only includes authorization management for users and resources within a single domain but also conflict resolution among heterogeneous access control policies of multiple domains to allow secure interoperation within the enterprise. This work presents design and implementation of X-GTRBAC Admin, an administration model that aims at enabling administration of role-based access control (RBAC) policies in the presence of constraints with support for conflict resolution in a multidomain environment. A key feature of the model is that it allows decentralization of policy administration tasks through the abstraction of administrative domains, which not only simplifies authorization management, but is also fundamental to the concept of decentralized conflict resolution presented. The paper also illustrates the applicability of the outlined administrative concepts in a realistic enterprise environment using an implementation prototype that facilitates policy administration in large enterprises.<\/jats:p>","DOI":"10.1145\/1108906.1108909","type":"journal-article","created":{"date-parts":[[2006,2,6]],"date-time":"2006-02-06T15:07:09Z","timestamp":1139238429000},"page":"388-423","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["X-gtrbac admin"],"prefix":"10.1145","volume":"8","author":[{"given":"Rafae","family":"Bhatti","sequence":"first","affiliation":[{"name":"Purdue University, IN"}]},{"given":"Basit","family":"Shafiq","sequence":"additional","affiliation":[{"name":"Purdue University, IN"}]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[{"name":"Purdue University, IN"}]},{"given":"Arif","family":"Ghafoor","sequence":"additional","affiliation":[{"name":"Purdue University, IN"}]},{"given":"James B. D.","family":"Joshi","sequence":"additional","affiliation":[{"name":"University of Pittsburgh, PA"}]}],"member":"320","published-online":{"date-parts":[[2005,11]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/581271.581276"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065545.1065547"},{"key":"e_1_2_1_3_1","doi-asserted-by":"crossref","unstructured":"Bonatti P. A. Sapino M. L. and Subrahmanian V. S. 1996. . . . ESORICS. 183--197.   Bonatti P. A. Sapino M. L. and Subrahmanian V. S. 1996. Merging heterogeneous security orderings. ESORICS. 183--197.","DOI":"10.1007\/3-540-61770-1_37"},{"key":"e_1_2_1_4_1","doi-asserted-by":"crossref","unstructured":"Bonatti P. A. Vimercati S. and Samarati P. 2002. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . (Feb.). 1--35. 10.1145\/504909.504910   Bonatti P. A. Vimercati S. and Samarati P. 2002. An algebra for composing access control policies ACM Transactions on Information and System Security 5 1 (Feb.). 1--35. 10.1145\/504909.504910","DOI":"10.1145\/504909.504910"},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of 7th ACM Symposium on Access Control Models and Technologies (June). 10","author":"Crampton J."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1008787317852"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"key":"e_1_2_1_8_1","first-page":"1","article-title":"Computational issues in secure interoperation","volume":"22","author":"Gong L.","year":"1996","journal-title":"IEEE Transaction on Software and Engineering"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2005.1"},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of 7th ACM Symposium on Access Control Models and Technologies (June). 10","author":"Joshi J. B. D."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2004.53"},{"key":"e_1_2_1_12_1","volume-title":"Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (June). 10","author":"Oh S."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"e_1_2_1_14_1","volume-title":"Proceedings of the 3rd ACM Workshop on Role-Based Access Control (Oct.). 33--40","author":"Sandhu R."},{"key":"e_1_2_1_15_1","volume-title":"Proceedings of the 15th Annual Computer Security Applications Conference (Dec.).","author":"Sandhu R."},{"key":"e_1_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Shafiq B. Joshi J. Bertino E. and Ghafoor A. 2005. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . (Nov.). 10.1109\/TKDE.2005.185   Shafiq B. Joshi J. Bertino E. and Ghafoor A. 2005. Secure interoperation in a multidomain environment. Accepted for publication in IEEE Transaction on Knowledge and Data Engineering 17 11 (Nov.). 10.1109\/TKDE.2005.185","DOI":"10.1109\/TKDE.2005.185"},{"key":"e_1_2_1_17_1","unstructured":"Zhang H. 2001. Improving constrained nonlinear search algorithms through constraint relaxation. Masters thesis University of Illinois at Urbana Champaign Urbana IL.  Zhang H. 2001. Improving constrained nonlinear search algorithms through constraint relaxation. Masters thesis University of Illinois at Urbana Champaign Urbana IL."}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1108906.1108909","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1108906.1108909","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:07:50Z","timestamp":1750262870000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1108906.1108909"}},"subtitle":["A decentralized administration model for enterprise-wide access control"],"short-title":[],"issued":{"date-parts":[[2005,11]]},"references-count":17,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2005,11]]}},"alternative-id":["10.1145\/1108906.1108909"],"URL":"https:\/\/doi.org\/10.1145\/1108906.1108909","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2005,11]]},"assertion":[{"value":"2005-11-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}