@inproceedings{2bcc37485ddc474fb5af20b425df2e56,
title = "Constrained role-based delegation",
abstract = "Delegation is a promising alternative to traditional role administration paradigms in role-based systems. It empowers users to exercise discretion in how they use resources as it is in discretionary access control (DAC). Unlike the anarchy of DAC, in role-based access control (RBAC) higher-level organizational policies can be specified on roles to regulate user's action. Delegations and revocations are thus governed by these authorization policies. In this paper, we propose a policy approach for specifying and enforcing delegation authorizations. We present a mechanism for constructing authorization policies using a set of rules. Our rule-based language is flexible and powerful to specify and enforce authorization constraints. In addition, rules can also be used to define the exceptions for future actions and resolve possible conflicts.",
keywords = "Access control, Authorization constraints, Role-based delegation",
author = "Longhua Zhang and Ahn, \{Gail Joon\}",
year = "2003",
doi = "10.1007/978-0-387-35691-4",
language = "English (US)",
isbn = "9781475764895",
series = "IFIP Advances in Information and Communication Technology",
publisher = "Springer New York LLC",
pages = "289--300",
booktitle = "Security and Privacy in the age of Uncertainty - IFIP TC11 18th International Conference on Information Security, SEC 2003",
note = "IFIP TC11 18th International Conference on Information Security, SEC 2003 ; Conference date: 26-05-2003 Through 28-05-2003",
}