Combination of Duty and Historical Constraints in Role-Based Access Control

Constraints are an important topic in any access control mechanism. Always, there are demands for defining new constraints or generalizing the existing ones in order to better managing and controlling organizations and specifying new policies. Among access control models, role-based access control (RBAC) is very useful and is continuously under development. In this paper, we propose a new constraint in the RBAC model based on dependent roles that we call combination of duty (CD). Furthermore, static and dynamic types of this constraint are also defined. In addition, these constraints and the two existing constraints in RBAC model (i.e. static and dynamic separation of duty (SD)) are generalized in the base of history as static historical SD, dynamic historical SD, static historical CD and dynamic historical CD.