A Self-Administrative Sub-Role-Based Delegation Model for PMI Systems
The role-based access control (RBAC) model has emerged since the 1990s as a promising approach for managing and enforcing security in large, complex systems. The essential idea of RBAC is that privileges are associated with roles, and users are assigned to appropriate roles, thereby acquiring the roles' permissions. It provides availability, integrity, and confidentiality services for information systems, and it has been studied in depth and is widely used.
Delegation refers to one active entity in a system delegating its authority to another entity to carry out some functions. It is a promising approach to realizing more flexible and scalable authorization management for distributed systems. A flexible access control model needs delegation of access rights between subjects, especially in a large distributed system. In the existing RBAC models, authorization delegations between subjects are carried out only by authorization management users. However, in distributed systems, networks, and cooperative computing systems, the numbers of users, permissions, and resources are usually large, and the relations among them are very complicated. Thus central authorization delegation cannot meet the authorization management needs of a distributed system.
Keywords: Access Control Model, Role Assignment, Policy Decision Point, Role Hierarchy, Delegation Model