For security purposes, electronic devices, such as switch boxes and other communication devices, have limited access, in order to prevent unwarranted fiddling with the settings of the device. Generally, each electronic device is configured with rules defining the users allowed to access each element of the device. When a network includes many electronic devices, the configuring of the devices with access control rules may be very complex.
U.S. Pat. No. 6,023,765 to Kuhn, issued Feb. 8, 2000, the disclosure of which is entirely incorporated herein by reference, describes use of a role based access control (RBAC) method, in which the access rules to the elements of the devices are defined for abstract “roles”. Each user is associated with one or more roles and has the access permissions of the role. The use of roles avoids the need to change the configurations of devices when new users are added to a network. Another feature described in the Kuhn patent is a multi-level secure (MLS) system in which each element of each device is assigned a security level and a set of one or more categories to which it belongs. Only users having access to all the categories are allowed to access the element.
Nonetheless, the task of defining the access rules for a multi-element device or network is often very tedious, as rules have to be defined for each element. Furthermore, when new elements are added to an electronic device, for example in a software update, access rules need to be defined for these additional elements.
An article titled, “Role-Based Access Control for e-Service Integration”, by Peter Lamb, Robert Power, Gavin Walker and Michael Compton, the disclosure of which is entirely incorporated herein by reference, describes using a hierarchy of permissions, such that if a role is given permission to perform a specific task, all the tasks beneath it in the hierarchy are also allowed to be performed by the role.
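The role, category and hierarchy checks described in the two cited references can be combined into a single access decision. The following is an added example, not code from the Kuhn patent or the Lamb et al. article; the task names, roles, elements and users are constructed, and the rule that a user's clearance must meet or exceed an element's security level is an assumption, since the text above states only the category rule.

```python
from dataclasses import dataclass

# Constructed task hierarchy (child -> parent): a grant on a task covers all tasks beneath it.
TASK_PARENT = {
    "port.configure": "switch.admin",
    "port.read": "port.configure",
    "vlan.configure": "switch.admin",
    "vlan.read": "vlan.configure",
}

# Rules are written per role, so adding a user never changes this table.
ROLE_GRANTS = {
    "operator": {"port.read", "vlan.read"},
    "net-engineer": {"port.configure"},
    "admin": {"switch.admin"},
}

@dataclass(frozen=True)
class Element:
    name: str
    level: int              # security level of the element
    categories: frozenset   # every category must be held by the user

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    clearance: int
    categories: frozenset

def role_allows(role, task):
    """True if the role is granted the task or any ancestor of it."""
    granted, seen = ROLE_GRANTS.get(role, set()), set()
    while task is not None and task not in seen:  # 'seen' guards against cycles
        if task in granted:
            return True
        seen.add(task)
        task = TASK_PARENT.get(task)
    return False

def mls_allows(user, element):
    # Assumption: clearance >= level. The category subset rule is from the text.
    return user.clearance >= element.level and element.categories <= user.categories

def can_access(user, task, element):
    """Deny by default: both the MLS check and a role grant must pass."""
    return mls_allows(user, element) and any(role_allows(r, task) for r in user.roles)

UPLINK = Element("uplink-port", 2, frozenset({"core", "billing"}))  # constructed sample
```
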
Various languages have been specified for defining access control rules. A comparison between several such languages appears in “A Comparison of Modeling Strategies in Defining XML-based Access Control Languages”, by Claudia Ardagna and Sabrina De Capitani di Vimercati, the disclosure of which is entirely incorporated herein by reference.