Proceedings Article, DOI: 10.1145/775412.775431
PBDM: a flexible delegation model in RBAC
Xinwen Zhang,Sejong Oh,Ravi Sandhu +2 more
- 02 Jun 2003
- pp 149-157
236
TL;DR: This paper proposes a flexible delegation model named Permission-based Delegation Model (PBDM), which is built on the well known RBAC96 model, and supports both role and permission level delegation, which provides great flexibility in authority management.
Abstract: Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 models are recently published models for role-based delegation. They deal with user-to-user delegation. The unit of delegation in them is a role. But in many cases users may want to delegate a piece of permission from a role. This paper proposes a flexible delegation model named Permission-based Delegation Model (PBDM), which is built on the well-known RBAC96 model. PBDM supports user-to-user and role-to-role delegations with features of multi-step delegation and multi-option revocation. It also supports both role and permission level delegation, which provides great flexibility in authority management. In PBDM, a security administrator specifies the permissions that a user (delegator) has authority to delegate to others (delegatees), then the delegator creates one or more temporary delegation roles and assigns delegatees to particular roles. This gives us clear separation of security administration and delegation.
Citations
An Administration Model for RBAC Using Hierarchical Structure
Jinshuang Li,Guiran Chang +1 more
- 13 Dec 2008
TL;DR: The concept of administrative scope is introduced and used to manage the RBAC model, and a new administration model for RBAC using hierarchical structure is proposed, which has some significant advantages over both models.
1
Supporting dynamic administration of RBAC in web-based collaborative applications during run-time
TL;DR: An authorisation architecture that is based on the Dynamically Administering Role-based Access Control (DARBAC) model, and provides access control and meta-access control capabilities, is presented.
1
Formal Specification of a Privacy Aware Access Control Framework in Web Services Paradigm using Z Notation
Rekha Bhatia,Manpreet Singh +1 more
- 27 Oct 2014
TL;DR: This paper is the first step towards automation of privacy policies and laws enforcement in traditional access control frameworks through formal specification of web services in Z notation.
1
A new role-to-role delegation model
Hu Yan
- 01 Dec 2010
TL;DR: This paper divides roles into three layers, defines some constraints to limit arbitrary delegation, uses semaphore primitives to describe the mechanism of delegation and revocation, and gives the algorithm of this role-to-role delegation model.
References
Role-based access control models
TL;DR: Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.
6.1K
The ARBAC97 model for role-based administration of roles
TL;DR: The motivation, intuition, and formal definition of a new role-based model for RBAC administration are described for the first time. This model is called ARBAC97 (administrative RBAC '97) and has three components: URA97 (user-role assignment '97), RPA97 (permission-role assignment '97), and RRA97, dealing with different aspects of RBAC administration.
Framework for role-based delegation models
Ezedin Barka,Ravi Sandhu +1 more
- 11 Dec 2000
TL;DR: This work develops a framework for identifying interesting cases that can be used for building role-based delegation models by identifying the characteristics related to delegation, using these characteristics to generate possible delegation cases, and using a systematic approach to reduce the large number of cases into few useful cases.
A Role-Based Delegation Model and Some Extensions
Ezedin Barka,Ravi Sandhu +1 more
- 01 Jan 2000
TL;DR: This paper proposes a simple but practically useful model for delegation called RBDM0 (role-based delegation model zero), and explores some extensions to RBDM0 including issues of revocation, partial delegation, multiple step delegation, and delegation with hierarchical roles.
189
A rule-based framework for role based delegation
Longhua Zhang,Gail-Joon Ahn,Bei-Tseng Chu +2 more
- 01 May 2001
TL;DR: A role-based delegation model called RDM2000 (role-based delegation model 2000) is presented, which extends RBDM0 by supporting hierarchical roles and multi-step delegation, and a rule-based language for specifying and enforcing the policies based on RDM2000 is introduced.