Delegation and satisfiability in workflow systems
Proceedings of the 13th ACM symposium on Access control models and technologies
A Knowledge Based Formal Language for Securing Information Systems
KES '09 Proceedings of the 13th International Conference on Knowledge-Based and Intelligent Information and Engineering Systems: Part I
A privacy preservation model for facebook-style social network systems
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
xDAuth: a scalable and lightweight framework for cross domain access control and delegation
Proceedings of the 16th ACM symposium on Access control models and technologies
Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL
Information and Software Technology
Towards an understanding of social inference opportunities in social computing
Proceedings of the 17th ACM international conference on Supporting group work
OSDM: an organizational supervised delegation model for RBAC
ISC'12 Proceedings of the 15th international conference on Information Security
Model-driven adaptive delegation
Proceedings of the 12th annual international conference on Aspect-oriented software development
A modal logic for information system security
AISC '11 Proceedings of the Ninth Australasian Information Security Conference - Volume 116
Policy administration in tag-based authorization
FPS'12 Proceedings of the 5th international conference on Foundations and Practice of Security
Information and Software Technology
| Hi-index | 0.00 |
User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively studied grant delegations, but transfer delegations have largely been ignored. This is largely because enforcing transfer delegation policies is more complex than grant delegation policies. This paper, primarily, studies transfer delegations for role-based access control models. We also include grant delegations in our model for completeness. We present various mechanisms that authorize delegations in our model. In particular, we show that the use of administrative scope for authorizing delegations is more efficient than using relations. We also discuss the enforcement and revocation of delegations. Finally, we study delegation in the context of workflow systems. In particular, we demonstrate the application of the administrative scope and administrative domain concepts to control delegation of tasks in worklist-based workflow systems.