Role delegation in role-based access control

In distributed-computing environments, applications or users have to share resources and communicate with each other to perform their jobs more efficiently. For better performance, it is important to protect resources and the integrity of information from unexpected use by unauthorized users. Therefore, there is a strong demand for authentication and access control of distributed shared resources. To date, three kinds of access control have been proposed: discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC). In RBAC, there are role hierarchies in which a senior role can exercise the permissions of a junior role. However, it is sometimes necessary for a junior role to exercise a senior role's permission, which a junior role is not normally allowed to do. In this paper, we propose a role delegation method consisting of a role delegation server and role delegation protocols. We divide delegation into two kinds according to the triggered object: active delegation and passive delegation. Consequently, a junior role can gain a senior role's permissions.
