Managing Revocation in Role Based Access Control Models Using Delegation Licences
نویسندگان
چکیده
The paper presents revocation schemes in role-based access control models. We are particularly interested in two key issues: how to perform the revocation and how to manage the revocation policy. We show how to deal with these two aspects in our delegation model based on the OrBAC formalism and its administration licence concept. This model provides means to manage several types of of delegations, such as the delegation or the transfer of permissions and roles, multi-step delegation and temporary delegation. We state formally in this paper how to manage the revocation of these delegations schemes. Our model supports a wide spectrum of the revocation dimensions such as propagation, dominance, dependency, automatic/user revocation, transfer revocation, role/permission revocation.
منابع مشابه
Revocation Schemes for Delegation Licences
The paper presents revocation schemes in role-based access control models. We are particularly interested in two key issues: how to perform revocation and how to manage the revocation policy. We show how to deal with these two aspects in the delegation model based on the OrBAC formalism and its administration licence concept. This model provides means to manage several delegation types, such as...
متن کاملTowards Secure Delegation with Chinese Wall Security Policy (CWSP)
Chinese Wall Security Policy (CWSP) is a widely applied access control policy in many fields, especially in commercial world. Delegation is one of the hot topics of access control technologies. Delegation with CWSP means delegation must satisfy not only delegation constrains but CWSP as well. There exist many delegation models, such as RBDM, RDM2000 and PBDM et al, but few focus on it. This pap...
متن کاملComprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL
Context. Role-based access control (RBAC) has become the de facto standard for access management in various large-scale organizations. Often rolebased policies must implement organizational rules to satisfy compliance or authorization requirements, e.g., the principle of separation of duty (SoD). To provide business continuity, organizations should also support the delegation of access rights a...
متن کاملPrivacy Preserving Dynamic Access Control Model with Access Delegation for eHealth
eHealth is the concept of using the stored digital data to achieve clinical, educational, and administrative goals and meet the needs of patients, experts, and medical care providers. Expansion of the utilization of information technology and in particular, the Internet of Things (IoT) in eHealth, raises various challenges, where the most important one is security and access control. In this re...
متن کاملA Delegation Framework for Task-Role Based Access Control in WFMS
Access control is important for protecting information integrity in workflow management system (WfMS). Compared to conventional access control technology such as discretionary, mandatory, and role-based access control models, task-role-based access control (TRBAC) model, an access control model based on both tasks and roles, meets more requirements for modern enterprise environments. However, f...
متن کامل