An extended permission-based delegation authorization model
Document Type
Conference Proceeding
Publication Date
12-1-2008
Abstract
The characteristics of delegation are analyzed and defined in this paper, including time, totality, level, multi-delegation, agreement and revocation. Based on RBAC, an extended role and permission-based delegation model is redefined by separating delegate roles from original roles. Security administrators (SAs) and ordinary users have different functions and duties in the authorization and delegation. SAs only participate in the original authorization work, but ordinary users can engage in role assignment more actively. They can reassign permissions to roles. As a result the extended role and permission-based delegation model hold more flexibility in the complex application environment. The temporal constraints of delegation also imply the complexity of delegation revocation. © 2008 IEEE.
Publication Title
Proceedings - International Conference on Computer Science and Software Engineering, CSSE 2008
Recommended Citation
Zhikun, Z.,
Jianguo, X.,
Hanyi, L.,
&
Youping, G.
(2008).
An extended permission-based delegation authorization model.
Proceedings - International Conference on Computer Science and Software Engineering, CSSE 2008,
3, 696-699.
http://doi.org/10.1109/CSSE.2008.983
Retrieved from: https://digitalcommons.mtu.edu/michigantech-p/10392