Title :
Static and Dynamic Delegation in the Role Graph Model
Author :
Wang, He ; Osborn, Sylvia L.
Author_Institution :
Dept. of Comput. Sci., Univ. of Western Ontario, London, ON, Canada
Abstract :
Delegation in access control is used to deal with exceptional circumstances, when a regular user is unable to perform their normal job and delegates all or part of it to others. These situations can be anticipated and built into the security design as static delegation; however, unforseen circumstances can still occur requiring dynamic delegation to be specified at runtime. This paper presents both static and dynamic delegation in the context of the Role Graph Model. To properly capture runtime events, we add sessions to the RGM. We then introduce session-oriented, dynamic delegation, a new concept in RBAC models, using an edge-labeling method. Constraints applicable to both static and dynamic delegation are examined.
Keywords :
authorisation; RBAC models; access control; edge-labeling method; role graph model; session-oriented dynamic delegation; static delegation; Access control; Computational modeling; Lead; Organizations; Permission; Standards organizations; Access controls; and protection.; integrity; security;
Journal_Title :
Knowledge and Data Engineering, IEEE Transactions on
DOI :
10.1109/TKDE.2010.205
