MotOrBAC is a tool to help you design and implement a security policy using the OrBAC (Organisation Based Access Control) model. It is developped using the OrBAC API, an implementation of the OrBAC model.
Specifying an OrBAC policy consists in defining an organization hierarchy as well as roles, activities and views hierarchies. Then contexts can be added and used in security rules specification. You can see the organization and role hierarchies on the image
Abstract rules specification. Seven permissions are displayed, you can notice that the violation context column being irrelevant for permissions, no context is displayed in it. You can also see the prohibition and obligtation tabs
MotOrBAC can display abstract and concrete conflicts. You can see on the image above the abstract conflicts detected in an abstract policy. The different colors show couples of conflicting rules. The contextual menu shown contains solutions proposed to the policy designer to solve a conflict
Several languages are available to express contextual conditions. On this screenshot you can see in the dialog box a Prova context, expressed using an implementation of Prolog. In the main MotOrBAC GUI you can see a BeanShell context
When creating a new OrBAC policy, the user can choose from available implementations. The API version bundled with MotOrBAC contains two implementations
In the OrBAC model, a concrete policy which applies to the subjects, actions and objects of a system is derived from an abstract policy specified at the organizationnal level. MotOrBAC can show the concrete policy infered from an abstract policy and for each concrete rule show its activation state