An OrBAC security policy editor

08/06/2017: MotOrBAC 2 v2.5.2 and the OrBAC API 1.5.3 are available for download

This is a bugfix release, a bug had been introduced in the API in the previous version in the inference engine. The bug was affecting polymorphic rules inference

23/03/2017: MotOrBAC 2 v2.5.1 and the OrBAC API 1.5.2 are available for download

Some changes have been made in the GUI and in the API, most of them being in the API. Below are some of them:

  • contexts can be either evaluated when the concrete policy is infered or when the concrete policy is queried. The previous implementation would only allow their evaluation at concrete policy query time. This is usefull when contexts conditions depend on variables which do not change during the lifetime of a policy. This also reduce the concrete policy size in memory

  • some optimizations and cleaning has been done in the API. Those optimizations are visible when policies with a lot of concrete entities are processed

12/04/2016: MotOrBAC 2 v2.5 and the OrBAC API 1.5.1 are available for download

Important changes have been made in the GUI and in the API. Below are some of them:

  • context and entity définitions are now displayed as trees, which is much more ergonomic

  • the concrete policy simulation tab can now be displayed in a separate window, which is much more user-friendly

  • it is now possible to specify administrative (AdOrBAC) obligations

  • a new context type has been introduced:: javassist contexts. They are similar to Beanshell contexts in the sense that a contextual condition is expressed in Java. The main difference is that a javassist context condition is compiled at runtime instead of being interpreted. In the few tests that we conducted, evaluating a Javassist context was 20 times faster than the Beanshell implementation

  • a declarative language, OrPol, has been designed to express OrBAC policies independently from the implementation used in the OrBAC API. A plugin is bundled with MotOrBAC to import and export policies in this language

A lot of bugs have also been fixed. For a complete list of the modifications that have been made, please consider reading the changelog.txt file in the MotOrBAC archive

06/06/2014: MotOrBAC 2 v2.4.2 and the OrBAC API v1.3.2 are available for download

This release fixes some bugs related to the management of context separation constraints in the API and the MotOrBAC GUI. Previously an exception was raised when adding a context separation constraint. In MotOrBAC the display behaviour of the constraints and the abstract conflicts has been improved.

27/09/2013: MotOrBAC 2 v2.4.1 and the OrBAC API v1.3.1 are available for download

This release is a maintenance release which fixes two bugs in the API. Please download this new version if you have trouble creating entity definitions on administrative views.

10/09/2013: MotOrBAC 2 v2.4 and the OrBAC API v1.3 are available for download

This release includes a lot of bugfixes and some improvements in the GUI. The manuals have also been updated and the campus policy example features two delegation examples. The first example shows how rule delegation is managed within the OrBAC model and the second one is about role delegation. The campus example is now packaged as two files, the first one uses the BeanShell language to express the entity definitions and the second one the Prova language. The MotOrBAC user manual now explains in detail the campus example, including the delegation examples.

Here is a detailed list of the changes in MotOrBAC:

  • improved a little the GUI layout

  • corrected a bug which was causing the context and entity definition editors to not open a window after closing the editor using the dialogbox top bar button instead of the "close" button

  • corrected a bug which was reversing the priority between two rules when adding a rule priority using the abstract conflict solver

  • corrected a bug which was triggered when modifying abstract entities hierarchies

  • corrected a bug in the dialogbox used to create abstract rules

  • corrected a bug in the "File" menu related to the "Save as..." item

  • corrected a bug introduced in the previous version which was preventing the context state table from being correctly displayed

  • the creation and deletion of abstract rules were not correctly saved in the undo/redo stack

  • the undo/redo implementation had not been introduced in the class editor, this is now fixed

  • fixed the class editor refreshing bug, the class tree was not refreshed when opening again the editor after closing it

  • added a text area under each abstract rule list to be able to specify comments for each rule

  • fixed the fact that a selected abstract rule name was drawn using a white font over a white background

  • fixed the number of columns for the abstract permission and abstract prohibition tables

  • fixed the empty combo box when opening the entity definition editor

  • fixed the fact that a null pointer exception was raised when trying to open the plugin dialog box

  • fixed the fact that context definition and entity definition modifications were not recorded on the undo/redo stack

Here is a detailed list of the changes in the API:

  • corrected a bug when deleting an abstract entity. Some hierarchy object instances were not deleted in some cases

  • added three methods to the AbstractOrbacPolicy class to retrieve the hierarchies defined for an abstract entity

  • a method has been removed from the AbstractOrbacPolicy class: GetViewDefinitionForView (multiple definitions can exist for one view, this method was only valid in a primitive version of the API)

  • removed the CContextEvaluation class which is no more used

  • some classes have became abstract (FIPredicate, FIAbstractRule, FIAbstractEntity, OrbacPredicate)

  • the Jena based implementation has been enabled again but this is no more the default proposed policy type

  • modified the way supported policy implementations are returned so that they are ordered from the prefered implementation to the less prefered

  • policy inference listeners are now being notified during the inference process in the join/fork engine used by the XmlOrbacPolicy and MysqlOrbacPolicy implementations

  • corrected a bug in the SimpleConcreteEntitiesAttributesManagement class when deleting a class

  • corrected a bug in the role delegation implementation, the list of delegated role related to a subject was not correctly computed in GetCurrentAdorbacUserDelegatedRoles()

  • corrected a bug in the FIAbstractEntity when computing the transitive closure of the organization hierarchies

  • corrected a bug in the FIAbstractPermission, FIAbstractProhibition and FIAbstractObligation classes that caused extra unactivated concrete rules to be inferred

  • corrected a bug in the XmlOrbacPolicy implementation which was causing the role_view and activity_view views to be considered in some cases respectively as a role and an activity

  • corrected a bug in the Prova interpreter, the "attribute" predicate was not correctly implemented

  • corrected a bug in the UnUseDelegation method from the XmlOrbacPolicy class, the administrative operation was checked on the view instead of the object

  • corrected a bug in the CreateSubViewAndInsertIntoOrg method in the XmlOrbacPolicy class, the created view should be used on itself if it is a sub-view of an adorbac view

  • corrected a bug in the XmlOrbacPolicy implementation which was not correctly generating abstract entity hierarchies in the GetAssociatedRolesHierarchy, GetAssociatedActivitiesHierarchy and GetAssociatedActivitiesHierarchy methods

  • added two built-in predicates to the prova interpreter, greater() and greaterEq(), because the ge() and gt() built-in bundled with the prova interpreter do not give correct results in some cases

  • added the GetAbstractRuleComments and SetAbstractRuleComments to associate comments with abstract rules

  • added the GetDelegatedPermissions and GetDelegatedObligations to get the list of delegated rules

  • added the GetAdministrativeActivities method to the AbstractOrbacPolicy class to get administrative activities only

  • added the IsAdministrativeOperationPermitted method to offer the possibility to explicitely query the administrative policy

  • changed the way delegation license names are generated. The former naming method could trigger a bug in some situations

  • changed the way role assignment names objects are managed to fix a bug in the role delegation mechanisms

  • removed the specific methods to create and delete adorbac permissions since they are represented in the same way: AddAdorbacLicense, RemoveAdorbacLicense

  • the javadoc has been updated

27/03/2013: MotOrBAC 2 v2.3.1 and the OrBAC API v1.2.3.1 are available for download

This is a bugfix release, no new features have been added:

  • A bug had been introduced when trying to create a sub-view in the MotOrBAC interface

08/02/2013: MotOrBAC 2 v2.3 and the OrBAC API v1.2.3 are available for download

The main changes are the following:

  • The MotOrBAC undo/redo implementation has been modified because the previous implementation was not compatible with some policy implementations

  • Some bugs have been fixed in the graphical interface

  • The OrBAC API has been sligthly modified

  • A new policy type is available: MysqlOrbacPolicy. This implementation stores concrete entities in a mysql database. This implementation is still experimental

  • Some bugs have been fixed in theOrBAC API

  • The manuals have been updated, including the online manual

22/03/2012: MotOrBAC 2 v2.2 and the OrBAC API v1.2.2 are available for download

The main change in this version, beside some bugfixes, are in the API. Here are the main changes:

  • The number of entity definition types is now dynamic and managed the same way contexts are managed. As a side effect the policy file format for the two provided OrBAC implementations have been slightly modified. The policy examples have been modified accordingly

  • The COrbacCore class now features a translation method to translate policies between the different implementations. For example it is possible to translate an RDF policy to the new xml format and vice versa. This functionality is available in MotOrBAC through a new export button and a dedicated menu item

  • The problem related to the dates not being correctly parsed when opening a policy has been fixed, now the date include only numbers to avoid the locale problem

  • The manuals have been updated, including the online manual

09/02/2012: MotOrBAC 2 v2.1 and the OrBAC API v1.2.1 are available for download

MotOrBAC 2 v2.1 is mainly a bugfix release but also includes policy examples for the two OrBAC policies implementations provided by the API. It also features updated documentations as well as the online manual which was missing in the previous release.

21/11/2011: MotOrBAC 2 v2.0 and the OrBAC API v1.2 are available for download

A new major version of MotOrBAC is available, MotOrBAC 2 v2.0. Among many other things this version features a new GUI and is developped using the new version of the OrBAC API:

  • The GUI has been entirely rewritten and is now easier to use

  • Drag and drop is now supported for most of the editing operation (abstract entities creation, rule creation, etc...)

  • The multiple implementations now supported by the OrBAC API is also supported by MotOrBAC. This means that MotOrBAC can be used to edit policies for all the implementations provided by the API

A new version of the OrBAC API is available, the OrBAC API v1.2:

  • It is now possible to add new implementations of the OrBAC model to the API by extending the AbstractOrbacPolicy abstract class

  • The API is bundled with two implementations. The first one is the Jena/RDF based implementation which was provided in the previous versions of the API. The second one is new and uses an ad-hoc backward chaining algorithm along with the Java 7 join/fork framework to provide a major speed increase in the concrete policy derivation process compared to the older implementation

  • The AbstractOrbacPolicy class contains an implementation of the AdOrBAC administration model. This simplifies considerably the work necessary to add a new implementation

  • The AdOrBAC model implementation now features the AdOrBAC rule and role delegation model

The archives containing respectively MotOrBAC 2, MotOrBAC 2 source code and the OrBAC API can be downloaded as usual on the sourceforge project homepage.

21/04/2009: MotOrBAC 2 v1.1 is available for download

Lots of bugs have been fixed and new functionalities have been added:

  • Bugs regarding policy editing have been fixed

  • The undo/redo feature has been fixed

  • The simulation window has been improved, in particular when displaying rules masked by other rules and in the part of the simulation window displaying the list of context states

  • A plug-in system has been introduced into the OrBAC API and can be used to extend the MotOrBAC tool

The archives containing respectively MotOrBAC 2, MotOrBAC 2 source code and the OrBAC API can be downloaded on the sourceforge project homepage.

28/05/2008: MotOrBAC 2 v1.O is available for download

This new version is more functional, easier to use and deploy than the first version and introduces the OrBAC API. This API manages OrBAC policies as RDF files. The OrBAC API has been created to enable the integration of security mechanisms into software applications. The API source code is not open, but an access request can be made on the OrBAC website. The MotOrBAC v2 user manual as well as a security policy example are included with the new version.

23/03/2007: The MotOrBAC source code archive has been updated

This is the first stable release of the source code with version number 0.1. The README file has been updated to tell the windows user to add the jpl directory containing the library dlls into the PATH environment variable. The documentation is now also included into the archive. The updated archive is available on the sourceforge project website.

22/03/2007: The MotOrBAC source code archive has been updated

The source code files have been cleaned up as some temporary files where left inside the archive. To make the compilation easier the archive now includes several scripts. The security policy example is now included in the archive. The updated archive is available on the sourceforge project website.

03/01/2007: A security policy example is available

You can find the example on the sourceforge project website. The file is named and corresponds to the example presented in the documentation.

02/15/2007: The MotOrBAC website is online :)

You will find the current version of the source code and the documentation in the download section.

Last updated June 8th 2017