Proceedings Article, DOI: 10.1145/775412.775431
PBDM: a flexible delegation model in RBAC
Xinwen Zhang, Sejong Oh, Ravi Sandhu +2 more
- 02 Jun 2003
- pp 149-157
236
TL;DR: This paper proposes a flexible delegation model named Permission-based Delegation Model (PBDM), which is built on the well known RBAC96 model, and supports both role and permission level delegation, which provides great flexibility in authority management.
Abstract: Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 models are recently published models for role-based delegation. They deal with user-to-user delegation. The unit of delegation in them is a role. But in many cases users may want to delegate a piece of permission from a role. This paper proposes a flexible delegation model named Permission-based Delegation Model (PBDM), which is built on the well known RBAC96 model. PBDM supports user-to-user and role-to-role delegations with features of multi-step delegation and multi-option revocation. It also supports both role and permission level delegation, which provides great flexibility in authority management. In PBDM, a security administrator specifies the permissions that a user (delegator) has authority to delegate to others (delegatee), then the delegator creates one or more temporary delegation roles and assigns delegatees to particular roles. This gives us clear separation of security administration and delegation.
Citations
A Logical Approach to Dynamic Role-Based Access Control
Philippe Balbiani, Yannick Chevalier, Marwa El Houri +2 more
- 04 Sep 2008
TL;DR: This paper proposes an access control language in which RBAC and all the above-listed extensions can be encoded, and solves decision problems related to access control for policies expressed in this language.
8
Trust-based Distributed Authentication Middleware in Ubiquitous Mobile Environments
Mingwu Zhang, Shenglin Zhu, Bo Yang, Wenzheng Zhang +3 more
- 24 Aug 2007
TL;DR: The authentication protocol between requester and compliance checker is presented, which essentially unifies remote administration with credential distribution that provides the ability to construct richer security policies and easy to manage distributed middleware mobile communication, authentication and request.
8
Analysis of TRBAC with dynamic temporal role hierarchies
Emre Uzun, Vijayalakshmi Atluri, Jaideep Vaidya, Shamik Sural +3 more
- 15 Jul 2013
TL;DR: This paper proposes the temporal role based access control model extended with dynamic temporal role hierarchies, denoted as TRBACRH, and offers an approach to perform its safety analysis and presents an administrative model to govern changes to the proposed role hierarchy.
Design of a delegable SCORM conformant learning management system
Eric Jui-Lin Lu, Yi-Hui Chen +1 more
TL;DR: This paper proposed an access control and delegation model for SCORM conformant learning management systems and a prototype was developed to demonstrate the feasibility of the proposed model.
8
Flexible authorisation in dynamic e-business environments using an organisation structure-based access control model
TL;DR: By applying the proposed model, administrators can easily manage resources based on an organisational structure perspective and the resource sharing capabilities of all departments can be improved.
7
References
Role-based access control models
TL;DR: Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.
6.1K
The ARBAC97 model for role-based administration of roles
TL;DR: The motivation, intuition, and formal definition of a new role-based model for RBAC administration is described for the first time and this model is called ARBAC97 (administrative RBAC '97) and has three components: URA97 (user-role assignment '97), RPA97 (permission-role assignments '97), and RRA97, dealing with different aspects of RBAC administration.
Framework for role-based delegation models
Ezedin Barka, Ravi Sandhu +1 more
- 11 Dec 2000
TL;DR: This work develops a framework for identifying interesting cases that can be used for building role-based delegation models by identifying the characteristics related to delegation, using these characteristics to generate possible delegation cases, and using a systematic approach to reduce the large number of cases into few useful cases.
A Role-Based Delegation Model and Some Extensions
Ezedin Barka, Ravi Sandhu +1 more
- 01 Jan 2000
TL;DR: This paper proposes a simple but practically useful model for delegation called RBDM0 (role-based delegation model zero), and explores some extensions to RBDM0 including issues of revocation, partial delegation, multiple step delegation, and delegation with hierarchical roles.
189
A rule-based framework for role based delegation
Longhua Zhang, Gail-Joon Ahn, Bei-Tseng Chu +2 more
- 01 May 2001
TL;DR: A role-based delegation model called RDM2000 (role-based delegation model 2000) is presented, which is an extension of RBDM0 by supporting hierarchical roles and multi-step delegation and a rule-based language for specifying and enforcing the policies based on RDM2000 is introduced.