Title :
An Extended Permission-Based Delegation Authorization Model
Author :
Zhang, Zhikun ; Xiao, Jianguo ; Li, Hanyi ; Geng, Youping
Author_Institution :
Comput. Center, Peking Univ., Beijing
Abstract :
The characteristics of delegation are analyzed and defined in this paper, including time, totality, level, multi-delegation, agreement and revocation. Based on RBAC, an extended role and permission-based delegation model is redefined by separating delegate roles from original roles. Security administrators (SAs) and ordinary users have different functions and duties in the authorization and delegation. SAs only participate in the original authorization work, but ordinary users can engage in role assignment more actively. They can reassign permissions to roles. As a result the extended role and permission-based delegation model hold more flexibility in the complex application environment. The temporal constraints of delegation also imply the complexity of delegation revocation.
Keywords :
authorisation; extended permission-based delegation authorization model; role assignment; role-based access control; security administrators; Access control; Authorization; Business; Computer science; Government; Hospitals; Large-scale systems; Permission; Software engineering; Time factors; authorization; delegation; permission-based;
Conference_Titel :
Computer Science and Software Engineering, 2008 International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-0-7695-3336-0
DOI :
10.1109/CSSE.2008.983
