UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

'R-What?' - Development of a role-based access control policy-writing tool for e-Scientists

Brostoff, S; Sasse, MA; Chadwick, D; Cunningham, J; Mbanaso, U; Otenko, S; (2005) 'R-What?' - Development of a role-based access control policy-writing tool for e-Scientists. SOFTWARE-PRACTICE & EXPERIENCE , 35 (9) 835 - 856. 10.1002/spe.691. Green open access

[thumbnail of licence]
Preview
PDF (licence)
RPS deposit licence.pdf

Download (95kB)

Abstract

A lightweight role-based access control policy authoring tool was developed for e-Scientists, a community for which access policies have to be implemented for an increasingly heterogeneous group of local and remote users. Two fundamental problems were identified: (1) lack of understanding of what the policy components are (i.e. how authorization policies are structured), and (2) lack of understanding of the underlying policy paradigm (i.e. what should go into the policy, and what should be left out). Conceptual design (CD) techniques were used to revise the user interface (UI) labels so that e-Scientists and developers were better able to describe access policy components from labels, and match labels with components (t = 6.28, d f = 7, p = 0.000 two-tailed). CD, instructional text, bubble help, UI behaviour and alert boxes were used to shape users' models of the policy paradigm. The final prototype improved users' efficiency and effectiveness by more than doubling the speed with which expert users could write authorization policies, and facilitating users without specialist security knowledge to overcome the policy paradigm and components problems, enabling them to complete 80 % of basic and 75 % of advanced authorization policy-writing tasks in a usability trial. Copyright (c) 2005 John Wiley & Sons, Ltd.

Type: Article
Title: 'R-What?' - Development of a role-based access control policy-writing tool for e-Scientists
Location: Oxford, ENGLAND
Open access status: An open access version is available from UCL Discovery
DOI: 10.1002/spe.691
Keywords: policy generation, usability, RBAC user interface
UCL classification: UCL
UCL > Provost and Vice Provost Offices > School of Life and Medical Sciences
UCL > Provost and Vice Provost Offices > School of Life and Medical Sciences > Faculty of Brain Sciences
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/19825
Downloads since deposit
118Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item