Abstract
This paper addresses the issues surrounding user-to-user delegation in RBAC. We show how delegations can be incorporated into the RBAC model in a simple and straightforward manner. A special feature of the model is that it allows fine-grained control over what rights a user wishes to delegate as opposed to delegation at the role level where all the rights of a role must be delegated. In addition, the model provides a rich set of controls regarding further delegations of a right, generic constraints that further control delegations, and an innovative model for revocations. Properties of both delegation and revocation are discussed, and our work is compared with other related research.
Original language | English (US) |
---|---|
Pages | 59-66 |
Number of pages | 8 |
DOIs | |
State | Published - 2005 |
Event | SACMAT 2005: Proceedings of 10th ACM Symposium on Access Control Models and Technologies - Stockholm, Sweden Duration: Jun 1 2005 → Jun 3 2005 |
Other
Other | SACMAT 2005: Proceedings of 10th ACM Symposium on Access Control Models and Technologies |
---|---|
Country/Territory | Sweden |
City | Stockholm |
Period | 6/1/05 → 6/3/05 |
All Science Journal Classification (ASJC) codes
- General Computer Science