Constrained Role-based Delegation
نویسندگان
چکیده
Delegation is a proIIlIsmg alternative to traditional role administration paradigms in role-based systems. It empowers users to exercise discretion in how they use resources as it is in discretionary access control (DAC). Unlike the anarchy of DAC, in role-based access control (RBAC) higher-level organizational policies can be specified on roles to regulate user's action. Delegations and revocations are thus governed by these authorization policies. In this paper, we propose a policy approach for specifying and enforcing delegation authorizations. We present a mechanism for constructing authorization policies using a set of rules. Our rule-based language is flexible and powerful to specify and enforce authorization constraints. In addition, rules can also be used to define the exceptions for future actions and resolve possible conflicts.
منابع مشابه
Role Delegation for a Distributed, Unified RBAC/MAC*
The day-today operations of corporations and government agencies rely on inter-operating legacy, COTs, databases, clients, servers, etc., which are brought together into a distributed environment running middleware (e.g., CORBA, JINI, DCOM, etc.). Both access control and security assurance within these distributed applications is paramount. Of particular concern is the delegation of authority, ...
متن کاملConstrained Delegation
Sometimes it is useful to be able to separate between the management of a set of resources, and the access to the resources themselves. Current accounts of delegation do not allow such distinctions to be easily made, however. We introduce a new model for delegation to address this issue. The approach is based on the idea of controlling the possible shapes of delegation chains. We use constraint...
متن کاملA Role-Based Delegation Model and Some Extensions
In Role-based Access control (RBAC) permissions are associated with roles and users are made members of roles thereby acquiring the associated permissions. User delegation in RBAC is the ability of one user (called the delegating user) who is a member of the delegated role to authorize another user (called the delegate user) to become a member of the delegated role. This paper proposes a simple...
متن کاملFramework for Role-based Delegation Models
FRAMEWORK FOR ROLE-BASED DELEGATION MODELS Ezedin S. Barka, Ph.D. George Mason University, 2002 Dissertation Director: Dr. Ravi S. Sandhu The basic idea behind delegation is that some active entity in a system delegates authority to another active entity in order to carry out some functions on behalf of the former. Delegation can take many forms: human to human, human to machine, machine to mac...
متن کاملBatch Pairing Delegation
Abstract. Pairing-based cryptography (PBC) has enabled the construction of many cryptographic protocols. However, there are scenarios when PBC is too heavyweight to use, such as when the computing devices are resource-constrained. Pairing delegation introduced in [19] provides a solution by offloading the computation to more powerful entities. In this paper, we introduce the concept of, and con...
متن کامل