TY - GEN
T1 - Constrained role-based delegation
AU - Zhang, Longhua
AU - Ahn, Gail Joon
PY - 2003
Y1 - 2003
AB - Delegation is a promising alternative to traditional role administration paradigms in role-based systems. It empowers users to exercise discretion in how they use resources as it is in discretionary access control (DAC). Unlike the anarchy of DAC, in role-based access control (RBAC) higher-level organizational policies can be specified on roles to regulate user's action. Delegations and revocations are thus governed by these authorization policies. In this paper, we propose a policy approach for specifying and enforcing delegation authorizations. We present a mechanism for constructing authorization policies using a set of rules. Our rule-based language is flexible and powerful to specify and enforce authorization constraints. In addition, rules can also be used to define the exceptions for future actions and resolve possible conflicts.
KW - Access control
KW - Authorization constraints
KW - Role-based delegation
UR - http://www.scopus.com/inward/record.url?scp=84904282903&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84904282903&partnerID=8YFLogxK
U2 - 10.1007/978-0-387-35691-4
DO - 10.1007/978-0-387-35691-4
M3 - Conference contribution
AN - SCOPUS:84904282903
SN - 9781475764895
T3 - IFIP Advances in Information and Communication Technology
SP - 289
EP - 300
BT - Security and Privacy in the age of Uncertainty - IFIP TC11 18th International Conference on Information Security, SEC 2003
PB - Springer New York LLC
T2 - IFIP TC11 18th International Conference on Information Security, SEC 2003
Y2 - 26 May 2003 through 28 May 2003
ER -