Constrained role-based delegation

Longhua Zhang, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Delegation is a promising alternative to traditional role administration paradigms in role-based systems. It empowers users to exercise discretion in how they use resources as it is in discretionary access control (DAC). Unlike the anarchy of DAC, in role-based access control (RBAC) higher-level organizational policies can be specified on roles to regulate user's action. Delegations and revocations are thus governed by these authorization policies. In this paper, we propose a policy approach for specifying and enforcing delegation authorizations. We present a mechanism for constructing authorization policies using a set of rules. Our rule-based language is flexible and powerful to specify and enforce authorization constraints. In addition, rules can also be used to define the exceptions for future actions and resolve possible conflicts.

Original languageEnglish (US)
Title of host publicationSecurity and Privacy in the age of Uncertainty - IFIP TC11 18th International Conference on Information Security, SEC 2003
PublisherSpringer New York LLC
Pages289-300
Number of pages12
ISBN (Print)9781475764895
DOIs
StatePublished - 2003
Externally publishedYes
EventIFIP TC11 18th International Conference on Information Security, SEC 2003 - Athens, Greece
Duration: May 26 2003May 28 2003

Publication series

NameIFIP Advances in Information and Communication Technology
Volume122
ISSN (Print)1868-4238

Other

OtherIFIP TC11 18th International Conference on Information Security, SEC 2003
Country/TerritoryGreece
CityAthens
Period5/26/035/28/03

Keywords

  • Access control
  • Authorization constraints
  • Role-based delegation

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management

Fingerprint

Dive into the research topics of 'Constrained role-based delegation'. Together they form a unique fingerprint.

Cite this