Delegation models based on role-based access control (RBAC) management are known as a flexible and efficient form of access management for data sharing in distributed environments. Delegation revocation is a significant function of these models in a distributed environment when delegated roles or permissions need to be taken back. However, problems may arise in the revocation process when one user delegates a role to user U and another user delegates to U a negative authorization for the same role. This paper aims to analyse various role-based delegation revocation features through examples. Revocations are categorized in four dimensions: Dependency, Resilience, Propagation and Dominance. According to these dimensions, sixteen types of revocation exist for specific requests in access management: DependentWeakLocalDelete, DependentWeakLocalNegative, DependentWeakGlobalDelete, DependentWeakGlobalNegative, IndependentWeakLocalDelete, IndependentWeakLocalNegative, IndependentWeakGlobalDelete, IndependentWeakGlobalNegative, and so on. We present revocation delegating models, and then discuss user delegation authorization and the impact of revocation operations. Finally, comparisons with other related work are given.