Research on Usage Control Model with Delegation Characteristics Based on OM-AM Methodology

UCONABC is the basic framework of Usage Control, the next-generation access control policy, and is composed of Authorization-oBlige-Condition components, but so far it lacks the important characteristic of delegation. This paper analyses delegation behaviors in UCON based on OM-AM engineering principles, presents a formalized usage control model with delegation features using BNF extensions, called UCOND, and further articulates its hybrid architecture based on Client and Server Delegation Reference Monitors and the related key protocol functions. UCOND extends UCONABC with delegation authorization, and it resolves the delegation question of the Usage Control Model. Moreover, we specify the delegation procedure of an application for a Digital Medium Resource Distribution System.