PBDM: a flexible delegation model in RBAC

  • Authors:
  • Xinwen Zhang;Sejong Oh;Ravi Sandhu

  • Affiliations:
  • George Mason University;George Mason University;George Mason University

  • Venue:
  • Proceedings of the eighth ACM symposium on Access control models and technologies
  • Year:
  • 2003

Quantified Score

Hi-index 0.00

Visualization

Abstract

Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 models are recently published models for role-based delegation. They deal with user-to-user delegation. The unit of delegation in them is a role. But in many cases users may want to delegate a piece of permission from a role. This paper proposes a flexible delegation model named Permission-based Delegation Model (PBDM), which is built on the well known RBAC96 model. PBDM supports user-to-user and role-to-role delegations with features of multi-step delegation and multi-option revocation. It also supports both role and permission level delegation, which provides great flexibility in authority management. In PBDM, a security administrator specify the permissions that a user (delegator) has authority to delegate to others (delegatee), then the delegator creates one or more temporary delegation roles and assigns delegatees to particular roles. This gives us clear separation of security administration and delegation.