POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
| Hi-index | 0.00 |
This paper proposes an Attribute-Based- Delegation-Model (ABDM) with an extended delegation condition consisting of both delegation attribute expression (DAE) and prerequisite condition. In ABDM, a delegatee must satisfy delegation condition (especially DAE) when assigned to a delegation role. With delegation condition, ABDM relieves delegator and security administrator of security management work in delegation. To implement ABDM, we use XML to describe user, permission, role, delegation constraint, prerequisite condition and user's attribute expression, and XACML to describe DAEs of permissions and roles respectively. Also, we propose an extended data-flow model based on XML and XACML to show how ABDM works.