Delegating revocations and authorizations in collaborative business environments

Authors:
Hua Wang;Jinli Cao;Yanchun Zhang
Affiliations:
Department of Maths & Computing, University of Southern Queensland, Toowoomba, Australia 4350;Department of Computer Science & Computer Engineering, La Trobe University, Melbourne, Australia 3086;School of Computer Science and Mathematics, Victoria University, Melbourne City, Australia MC8001
Venue:
Information Systems Frontiers
Year:
2009

Citing 25
Cited 0

A calculus for access control in distributed systems

ACM Transactions on Programming Languages and Systems (TOPLAS)
A non-timestamped authorization model for data management systems

CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Rationale for the RBAC96 family of access control models

RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Role activation hierarchies

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The specification and enforcement of authorization constraints in workflow management systems

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Supporting relationships in access control using role based access control

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
On an authorization mechanism

ACM Transactions on Database Systems (TODS)
A role-based delegation framework for healthcare information systems

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
XSLT Programmer's Reference

XSLT Programmer's Reference
Formal Authorization Allocation Approaches for Role-Based Access Control Based on Relational Algebra Operations

WISE '02 Proceedings of the 3rd International Conference on Web Information Systems Engineering
Framework for role-based delegation models

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Formal authorisation allocation approaches for permission-role assignments using relational algebra operations

ADC '03 Proceedings of the 14th Australasian database conference - Volume 17
Revocations-A Classification

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Revocation Schemes for Delegated Authorities

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A Consumer Scalable Anonymity Payment Scheme with Role-Based Access Control

WISE '01 Proceedings of the Second International Conference on Web Information Systems Engineering (WISE'01) Volume 1 - Volume 1
A rule-based framework for role-based delegation and revocation

ACM Transactions on Information and System Security (TISSEC)
A Global Ticket-Based Access Scheme for Mobile Users

Information Systems Frontiers
A Role-Based Framework for Business Process Modeling

HICSS '05 Proceedings of the Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS'05) - Track 1 - Volume 01
A Flexible Payment Scheme and Its Role-Based Access Control

IEEE Transactions on Knowledge and Data Engineering
A framework for role-based group deligation in distributed environments

ACSC '06 Proceedings of the 29th Australasian Computer Science Conference - Volume 48
Access Control and Authorization Constraints for WS-BPEL

ICWS '06 Proceedings of the IEEE International Conference on Web Services
Access control in collaborative commerce

Decision Support Systems
Version management in the business process change context

BPM'07 Proceedings of the 5th international conference on Business process management
Achieving secure and flexible M-services through tickets

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Understanding motivations for Internet use in distance education

IEEE Transactions on Education

Quantified Score

Hi-index	0.00

Visualization

Abstract

Efficient collaboration allows organizations and individuals to improve the efficiency and quality of their business activities. Delegations, as a signif icant approach, may occur as workflow collabora tions, supply chain collaborations, or collaborative commerce. Role-based delegation models have been used as flexible and efficient access management for collaborative business environments. Delegation revocations can provide significant functionalities for the models in business environments when the delegated roles or permissions are required to get back. However, problems may arise in the revocation process when one user delegates user U a role and another user delegates U a negative authorization of the role. This paper aims to analyse various role-based delegation revocation features through examples. Revocations are categorized in four dimensions: Dependency, Resilience, Propagation and Dominance. According to these dimensions, sixteen types of revocations exist for specific requests in collaborative business environments: DependentWeakLocalDelete, Dependent WeakLocalNegative, DependentWeakGlobalDelete, DependentWeakGlobalNegative, IndependentWeak LocalDelete, IndependentWeakLocalNegative, Inde pendentWeakGlobalDelete, IndependentWeakGlobal Negative, and so on. We present revocation delegating models, and then discuss user delegation authorization and the impact of revocation operations. Finally, comparisons with other related work are discussed.