Organisation-based access control

Current approaches to access control rest on three entities (subject, action, object): to control access, the policy specifies that some subject has permission to perform some action on some object.

The method chosen to fulfill this goal is the introduction of an abstract level.

The model is not restricted to permissions, but also includes the possibility to specify prohibitions and obligations.

OrBAC is context-sensitive, so the policy can be expressed dynamically.

Furthermore, OrBAC has concepts of hierarchy (organization, role, activity, view, context) and separation constraints.
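
The abstract level described above, as an added example that is not part of the original page: concrete subjects, actions and objects are mapped to roles, activities and views inside one organization, and permissions and prohibitions are written only on the abstract level and evaluated under a context. The relation names (empower, consider, use) follow the OrBAC literature; the hospital data, the context names and the choice that a prohibition overrides a permission are assumptions of this example, and obligations and hierarchies are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    kind: str      # "permission" or "prohibition"
    role: str      # abstraction of subjects
    activity: str  # abstraction of actions
    view: str      # abstraction of objects
    context: str   # name of a context predicate

class Organization:
    def __init__(self, name):
        self.name = name
        self.empower = set()   # (subject, role) pairs
        self.consider = set()  # (action, activity) pairs
        self.use = set()       # (object, view) pairs
        self.contexts = {}     # context name -> predicate(s, a, o, env)
        self.rules = []        # abstract policy

    def _holds(self, r, s, a, o, env):
        return ((s, r.role) in self.empower
                and (a, r.activity) in self.consider
                and (o, r.view) in self.use
                and self.contexts[r.context](s, a, o, env))

    def decide(self, s, a, o, env):
        # Derive the concrete decision from abstract rules (assumed: prohibition wins).
        kinds = {r.kind for r in self.rules if self._holds(r, s, a, o, env)}
        if "prohibition" in kinds:
            return "deny"
        return "permit" if "permission" in kinds else "deny"

def build_hospital():
    # Constructed sample organization; none of these names come from the page.
    org = Organization("hospital")
    org.empower |= {("alice", "physician"), ("bob", "nurse")}
    org.consider |= {("SELECT", "consult"), ("UPDATE", "modify")}
    org.use |= {("record_42", "medical_record")}
    org.contexts["always"] = lambda s, a, o, env: True
    org.contexts["day_shift"] = lambda s, a, o, env: 8 <= env["hour"] < 20
    org.contexts["record_locked"] = lambda s, a, o, env: env["locked"]
    org.rules += [
        Rule("permission", "physician", "consult", "medical_record", "always"),
        Rule("permission", "physician", "modify", "medical_record", "always"),
        Rule("prohibition", "physician", "modify", "medical_record", "record_locked"),
        Rule("permission", "nurse", "consult", "medical_record", "day_shift"),
    ]
    return org
```

The same request can change outcome without any rule being edited, because only the context predicate's result changes.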