Abstract
Role-based access control (RBAC) models are receiving increasing attention as a generalized approach to access control. Roles can be active at certain time periods and non active at others; moreover, there can be activation dependencies among roles. To tackle such dynamic aspects, we introduce Temporal-RBAC (TRBAC), an extensions of the RBAC model. TRBAC supports both periodic activations and deactivations of roles, and temporal dependencies among such actions, expressed by means of role triggers, whose actions may be either executed immediately, or be deferred by an explicity specified amount of time. Both triggers and periodic activations/deactivations may have a priority associated with them, in order to resolve conflicting actions. A formal semantics for the specification language is provided, and a polynomial safeness check is introduced to reject ambiguous or inconsistent specifications. Finally, an implementation architecture is outlined.