Skip to Main Content
In collaborative environment the threshold structure is common for joint authorization. Although with the powerful ability to enforce security policies, traditional RBAC hardly considers the issue. In order to solve the problem, we describe the threshold permission as a 3-tuple (obj, op, thre), which is distinguished from ordinary permission. Although there are many users who are assigned to the threshold permission, at least thre different users are required to execute jointly the threshold permission. We propose an efficient algorithm to check whether users can execute the threshold permission. We also analyses the influence of userspsila differences impacting on threshold permissions. At last, we discuss how to constraint threshold permissions and associated roles to enforce separation-of-duty which is a fundamental security principle.