Modelling Delegation and Revocation Schemes in IDP

Authors

  • Marcos Cramer
  • Pieter Van Hertum
  • Diego Agustín Ambrossio
  • Marc Denecker
Abstract

In ownership-based access control frameworks with the possibility of delegating permissions and administrative rights, chains of delegated accesses will form. There are different ways to treat these delegation chains when revoking rights, which give rise to different revocation schemes. In this paper, we show how IDP – a knowledge base system that integrates technology from ASP, SAT and CP – can be used to efficiently implement executable revocation schemes for an ownership-based access control system based on a declarative specification of their properties.


Similar resources

Revocation Schemes for Delegation Licences

The paper presents revocation schemes in role-based access control models. We are particularly interested in two key issues: how to perform revocation and how to manage the revocation policy. We show how to deal with these two aspects in the delegation model based on the OrBAC formalism and its administration licence concept. This model provides means to manage several delegation types, such as...


Managing Revocation in Role Based Access Control Models Using Delegation Licences

The paper presents revocation schemes in role-based access control models. We are particularly interested in two key issues: how to perform the revocation and how to manage the revocation policy. We show how to deal with these two aspects in our delegation model based on the OrBAC formalism and its administration licence concept. This model provides means to manage several types of delegatio...


Postulates for Revocation Schemes

In access control frameworks with the possibility of delegating permissions and administrative rights, delegation chains can form. There are different ways to treat these delegation chains when revoking rights, which give rise to different revocation schemes. Hagström et al. [11] proposed a framework for classifying revocation schemes, in which the different revocation schemes are defined graph...


Dynamics in Delegation and Revocation Schemes: A Logical Approach

In this paper we first introduce a logic for describing formally a family of delegation and revocation models that are based on the work in Hagström et al.. We then extend our logic to accommodate an epistemic interpretation of trust within the framework that we define. What emerges from this work is a rich framework of formally well-defined delegation and revocation schemes that accommodates a...


Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL

Context. Role-based access control (RBAC) has become the de facto standard for access management in various large-scale organizations. Often role-based policies must implement organizational rules to satisfy compliance or authorization requirements, e.g., the principle of separation of duty (SoD). To provide business continuity, organizations should also support the delegation of access rights a...



Journal title:
  • CoRR

Volume abs/1405.1584  Issue 

Pages  -

Publication date 2014