Using XML to implement Attribute-Based Delegation

In existing information systems, a delegation means a user who can assign his/her permissions to someone. In these information systems, however, the delegation security depends entirely on delegations and system administrators, for delegation constraint in delegation is only a prerequisite role. This paper proposes an Attribute-Based Delegation Model (ABDM) with an extended delegation condition consisting of both delegation attribute expression (DAE) and delegation prerequisite role (CR). In ABDM, a delegator can restrict the delegatee candidates more strictly, thus relieves delegator and system administrator of security management workload in delegation. To implement ABDM in a web or distributed environment, XML is employed to represent all kinds of data used in delegation, such as user, permission, role, delegation attribute expression, prerequisite role and other delegation constraints. An implementation architecture of ABDM is also given in this paper.