In large organizations the administration of access privileges (such as the assignment of an access right to a user in a particular role) is handled cooperatively through distributed administrators in various different capacities. A quorum may be necessary, or a veto may be possible for such a decision. In this paper we present two major contributions: We develop a Role-Based Access Control (RBAC) approach for specifying distributed administration requirements, and procedures between administrators, or administration teams, extending earlier work on distributed (modular) authorization. While a comprehensive specification in such a language is conceivable it would be quite tedious to evaluate, or analyze, their operational aspects and properties in practice. For this reason we create a new class of extended Petri Nets called Administration Nets such that any RBAC specification of (cooperative) administration requirements (given in terms of predicate logic formulas) can be embedded into an Administration Net. This net behaves within the constraints specified by the logical formulas, and at the same time, it explicitly exhibits all needed operational details such as to allow for an efficient and comprehensive formal analysis of administrative behavior. We introduce the new concepts and illustrate their use in several examples. While Administration Nets are much more refined and (behaviorally) explicit than work flow systems our work provides for a constructive step towards novel work-flow management tools as well.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	W. Aalst. The Application of Petri Nets to Workflow Management. The Journal of Circuits, Systems and Computers, 8(1):21--66, 1998.
	2	David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001  [doi>10.1145/501978.501980]
	3	Hartmann J. Genrich , Kurt Lautenbach, The Analysis of Distributed Systems by Means of Predicate ? Transition-Nets, Proceedings of the International Sympoisum on Semantics of Concurrent Computation, p.123-147, July 02-04, 1979
	4	Carlo Ghezzi , Dino Mandrioli , Sandro Morasca , Mauro Pezzè, A Unified High-Level Petri Net Formalism for Time-Critical Systems, IEEE Transactions on Software Engineering, v.17 n.2, p.160-172, February 1991  [doi>10.1109/32.67597]
	5	Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian, A Logical Language for Expressing Authorizations, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.31, May 04-07, 1997
	6	Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian , Eliza Bertino, A unified framework for enforcing multiple access control policies, Proceedings of the 1997 ACM SIGMOD international conference on Management of data, p.474-485, May 11-15, 1997, Tucson, Arizona, United States
	7	Matunda Nyanchama , Sylvia L. Osborn, Access Rights Administration in Role-Based Security Systems, Proceedings of the IFIP WG11.3 Working Conference on Database Security VII, p.37-56, August 23-26, 1994
	8	Sejong Oh , Ravi Sandhu, A model for role administration using organization structure, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507737]
	9	Sylvia Osborn , Yuxia Guo, Modeling users in role-based access control, Proceedings of the fifth ACM workshop on Role-based access control, p.31-37, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344299]
	10	Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
	11	Ravi Sandhu , Qamar Munawer, The ARBAC99 Model for Administration of Roles, Proceedings of the 15th Annual Computer Security Applications Conference, p.229, December 06-10, 1999
	12	M. Schiffers and H. Wedde. Analyzing program solutions of coordination problems by cp-nets. In A. Mazurkiewicz, editor, Proceedings of the 7th Symposium on Mathematical Foundations of Computer Science, volume~64 of Lecture Notes in Computer Science, pages 416--422. Springer Verlag, Zakopane, Poland, 1978.
	13	R. Valk. Infinitive behaviour of petri nets. Theoretical Computer Science, 25:311--341, 1983.
	14	Horst F. Wedde , Mario Lischka, Modular authorization, Proceedings of the sixth ACM symposium on Access control models and technologies, p.97-105, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373274]
	15	H. F. Wedde and M. Lischka. Composing Heterogenous Access Policies between Organizations. In Proceedings of the IADIS International Conference e-Society 2003, Lisbon/ Portuagal, June, 3-6 2003. International Association for Development of the Information Society. to be published.

• Inferring constraints from multiple snapshots ACM Transactions on Graphics (TOG)   12, 4
  David Kurlander ,  Steven Feiner
  
  
• Data structures for quadtree approximation and compression Communications of the ACM   28, 9
  Hanan Samet
  
  
• A hierarchical single-key-lock access control using the Chinese remainder theorem Proceedings of the 1992 ACM/SIGAPP Symposium on Applied computing
  Kim S. Lee ,  Huizhu Lu ,  D. D. Fisher
  
  
• An intelligent component database for behavioral synthesis Proceedings of the 27th ACM/IEEE Design Automation Conference on
  Gwo-Dong Chen ,  Daniel D. Gajski
  
  
• The GemStone object database management system Communications of the ACM   34, 10
  Paul Butterworth ,  Allen Otis ,  Jacob Stein