Abstract—RBAC is an excellent model in security domain. In which, users are not assigned to permissions directly but through their roles. Therefore, permissions of individual users are managed by assigning these users to appropriate roles which are quite stable. Besides, RBAC also supports role hierarchy to reduce the number of authorization policies. However, in organizations those have a large number of roles or roles changed frequently, using one role hierarchy makes the maintenance process become more complicated. Moreover, because RBAC does not support resource hierarchy, the number of policies may be very large for organizations which have many different types of resources. To overcome these drawbacks, we propose a new model to express role and resource hierarchies. These hierarchies are implemented by OWL. We show how to support the NIST standard for RBAC in our model. We also extend XACML model to support reasoning ability by defining new functions that use reasoning services based on the OWL ontology.

Index Terms—XACML, access control model, RBAC, OWL ontology, authorization reasoning.

The authors are with Faculty of Computer Science & Engineering, Ho Chi Minh City University of Technology, VNU-HCM, Vietnam (email: vanducsonha@gmail.com, dangtuananh.dangtuananh@gmail.com, khanh@cse.hcmut.edu.vn).

Cite:Ha Duc Son Van, Tuan Anh Dang, and Tran Khanh Dang, "Supporting Authorization Reasoning Based on Role and Resource Hierarchies in an Ontology-Enriched XACML Model," International Journal of Computer and Communication Engineering vol. 3, no. 3, pp. 155-159, 2014.