A Self-Administrative Sub-Role-Based Delegation Model for PMI Systems

  • Yueqin Liu
  • Yanqin Zhu
  • Xizhao Luo
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 4)

Since the 1990s, the role-based access control (RBAC) model [1] has emerged as a promising approach for managing and enforcing security in large and complex systems. The essential idea of RBAC is that privileges are associated with roles, and users are assigned to appropriate roles, thereby acquiring the roles' permissions. RBAC provides availability, integrity, and confidentiality services for information systems; it has been studied in depth and is generally used.

Delegation occurs when one active entity in a system delegates its authority to another entity to carry out some functions [2]. It is a promising approach to realizing more flexible and scalable authorization management for distributed systems. A flexible access control model needs delegation of access rights between subjects, especially in a large distributed system. In the existing RBAC models, authorization delegations between subjects are carried out only by authorization management users. However, in distributed systems, networks, and cooperative computing systems, the numbers of users, permissions, and resources are usually large, and the relations among them are very complicated. Thus central authorization delegation cannot meet the authorization management needs of a distributed system.


Keywords: Access Control Model; Role Assignment; Policy Decision Point; Role Hierarchy; Delegation Model
These keywords were added by machine and not by the authors.




References

  1. Sandhu R, Coyne E, Feinstein H, Youman C (1996) Role-based access control models. IEEE Computer Society Press 29:38–47
  2. Barka E, Sandhu R (2000) A Role-based delegation model and some extensions. In: Proc of 23rd national information systems security conference (NISSC2000)
  3. Sandhu R, Bhamidipati V, Munawer Q (1999) The ARBAC97 model for role-based administration of roles. In: Proc of 1st ACM transactions on information and system security. ACM Press, New York, pp 105–135
  4. Barka E, Sandhu R (2000) Framework for role-based delegation models. In: Proceedings of 16th annual computer security application conference (ACSAC 2000)
  5. Longhua Z, Gail-Joon A, Bei-Tseng C (2002) A Rule-based framework for role-based delegation. In: Proceedings of 6th ACM symposium on access control models and technologies (SACMAT 2001). ACM Press, New York, pp 153–162
  6. Zhang X, Oh S, Sandhu R (2003) PBDM: A Flexible delegation model in RBAC. In: Ferrari E, Ferraiolo D (eds) Proceedings of the 8th ACM symposium on access control models and technologies. ACM Press, New York, pp 149–157
  7. Park D-G, Lee Y-R (2005) A Flexible role-based delegation model using characteristics of permissions. Springer-Verlag, Korea, pp 310–323
  8. ITU-T Recommendation X.509, Information Technology: Open Systems Interconnection - The Directory: Public-Key And Attribute Certificate Frameworks, 2000
  9.
  10. Chadwick DW, Otenko A (2003) The PERMIS X.509 role based privilege management infrastructure. Future Generation Computer Systems, 19:277–289
  11. Chadwick DW, Otenko A (2002) RBAC Policies in XML for X.509 based privilege management. In: Proceedings of IFIPTC11 17th international conference on information security (SEC 2002), pp 39–53
  12. Yi YH, Kim M (2003) Applying RBAC providing restricted permission inheritance to a corporate web environment. APWeb Conference, Lecture Notes in Computer Science (LNCS) 2642, pp 287–292
  13. Agudo I, Lopez J, Montenegro JA (2005) A Representation model of trust relationships with delegation extensions. Springer-Verlag, Spain, pp 116–130
  14. Montenegro JA, Moya F (2004) A Practical approach of X.509 attribute certificate framework as support to obtain privilege delegation. Springer-Verlag, Spain, pp 160–172
  15. Wahl M (1997) A Summary of the X.500(96) user schema for use with LDAPv3, RFC 2256

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Yueqin Liu (1)
  • Yanqin Zhu (1)
  • Xizhao Luo (1)

  1. School of Computer Science and Technology, Soochow University, China
