Quantified-Role Based Controllable Delegation Model

Delegation is an important secure policy that RBAC should support. Most Existing RBAC delegation models cannot effectively support fine delegation granularity and controllable propagation of permissions. This paper first introduces the concept of quantified-role and then proposes a fine-grained delegation constraint mechanism. Lastly, it gives a formal Quantified-role Based Controllable Delegation Model (QBCDM). The model supports the delegation of any part of permissions of roles, while avoiding incurring high administrative cost. It also provides mandatory constraints and fine-grained discretionary constraints, which ensure the constringency of delegation ability in multi-step delegations and significantly enhance controllability of delegation.