Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have business rules related to their access control policy, and delegation of authority is among these rules. RBDM0 and RDM2000 are recently published models for role-based delegation. They deal with user-to-user delegation, and the unit of delegation in them is a role. In many cases, however, users may want to delegate only a piece of the permissions of a role. This paper proposes a flexible delegation model named Permission-based Delegation Model (PBDM), which is built on the well-known RBAC96 model. PBDM supports user-to-user and role-to-role delegation with the features of multi-step delegation and multi-option revocation. It also supports both role-level and permission-level delegation, which provides great flexibility in authority management. In PBDM, a security administrator specifies the permissions that a user (the delegator) has authority to delegate to others (the delegatees); the delegator then creates one or more temporary delegation roles and assigns delegatees to particular roles. This gives a clear separation between security administration and delegation.
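The separation the abstract describes, as an added example and not the paper's own code: the administrator owns the regular roles and decides which permissions each user may delegate, while the delegator builds temporary delegation roles out of that allowance and assigns delegatees to them. Class and method names, the rule that a delegatee's re-delegation is again gated by the administrator's allowance, and the cascading of revocation along a delegation chain are modelling assumptions, not details taken from the paper.

```python
class PBDMPolicy:
    """Added illustration of PBDM (not the paper's code); names are assumed."""
    def __init__(self):
        self.roles = {}             # regular role -> permissions (administered)
        self.user_roles = {}        # user -> regular roles
        self.delegatable = {}       # user -> permissions the admin lets them delegate
        self.deleg_roles = {}       # delegation role -> (owner, permissions)
        self.user_deleg_roles = {}  # delegatee -> delegation roles held

    # -- security administration: performed only by the administrator --
    def add_role(self, role, perms):
        self.roles[role] = set(perms)

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def allow_delegation(self, user, perms):
        # the admin can only make permissions delegatable that the user holds
        if not set(perms) <= self.permissions_of(user):
            raise PermissionError(f"{user} does not hold {set(perms)}")
        self.delegatable.setdefault(user, set()).update(perms)

    # -- delegation: performed by the delegator within the admin's bounds --
    def create_delegation_role(self, delegator, name, perms):
        # permission-level delegation: a piece of a role, not the whole role
        if not set(perms) <= self.delegatable.get(delegator, set()):
            raise PermissionError(f"{delegator} may not delegate {set(perms)}")
        self.deleg_roles[name] = (delegator, set(perms))

    def delegate(self, delegator, name, delegatee):
        if self.deleg_roles[name][0] != delegator:
            raise PermissionError(f"{delegator} does not own {name}")
        self.user_deleg_roles.setdefault(delegatee, set()).add(name)

    def revoke_role(self, name):             # option 1: revoke from all delegatees
        self.deleg_roles.pop(name)
        for held in self.user_deleg_roles.values():
            held.discard(name)

    def revoke_user(self, name, delegatee):  # option 2: revoke one delegatee only
        self.user_deleg_roles.get(delegatee, set()).discard(name)

    def permissions_of(self, user, _chain=()):
        if user in _chain:                   # guard against delegation cycles
            return set()
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.roles[role]
        for name in self.user_deleg_roles.get(user, ()):
            owner, dperms = self.deleg_roles[name]
            # multi-step delegation: a delegated permission stays effective only
            # while the delegator still holds it, so upstream revocation cascades
            perms |= dperms & self.permissions_of(owner, _chain + (user,))
        return perms
```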