PBDM
Top 1% of 2003 papers
Abstract
Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 are recently published models for role-based delegation. They deal with user-to-user delegation, and the unit of delegation in them is a role. But in many cases users may want to delegate only a piece of the permissions of a role. This paper proposes a flexible delegation model named Permission-based Delegation Model (PBDM), which is built on the well-known RBAC96 model. PBDM supports user-to-user and role-to-role delegations with features of multi-step delegation and multi-option revocation. It also supports both role-level and permission-level delegation, which provides great flexibility in authority management. In PBDM, a security administrator specifies the permissions that a user (the delegator) has authority to delegate to others (delegatees); the delegator then creates one or more temporary delegation roles and assigns delegatees to particular roles. This gives a clear separation of security administration and delegation.
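The user-to-user, permission-level flow described in the abstract can be sketched as follows. This is an added example, not code or notation from the paper: the class, method names, permission strings and the two revocation choices are assumptions, and multi-step and role-to-role delegation are left out.

```python
class PBDM:
    """Illustrative sketch of the abstract's flow; not the paper's formal model."""

    def __init__(self):
        self.delegatable = {}  # delegator -> permissions the administrator lets them delegate
        self.roles = {}        # temporary delegation role -> owner, perms, members

    def admin_allow(self, delegator, perms):
        # Security administration: only this call widens what a user may delegate.
        self.delegatable.setdefault(delegator, set()).update(perms)

    def create_delegation_role(self, delegator, name, perms):
        perms = set(perms)
        extra = perms - self.delegatable.get(delegator, set())
        if extra:
            raise PermissionError(f"{delegator} may not delegate {sorted(extra)}")
        if name in self.roles:
            raise ValueError(f"delegation role {name} already exists")
        self.roles[name] = {"owner": delegator, "perms": perms, "members": set()}

    def _owned(self, delegator, name):
        role = self.roles.get(name)
        if role is None or role["owner"] != delegator:
            raise PermissionError(f"{delegator} does not own delegation role {name}")
        return role

    def assign(self, delegator, name, delegatee):
        self._owned(delegator, name)["members"].add(delegatee)

    def revoke(self, delegator, name, delegatee=None):
        # Assumed options: drop one delegatee, or delete the whole temporary role.
        role = self._owned(delegator, name)
        if delegatee is None:
            del self.roles[name]
        else:
            role["members"].discard(delegatee)

    def delegated_perms(self, user):
        held = (r["perms"] for r in self.roles.values() if user in r["members"])
        return set().union(*held)


def demo():
    # Constructed sample users and permissions.
    m = PBDM()
    m.admin_allow("alice", {"report:read", "report:approve"})
    m.create_delegation_role("alice", "D1", {"report:read"})
    m.assign("alice", "D1", "bob")
    before = m.delegated_perms("bob")
    try:
        m.create_delegation_role("alice", "D2", {"payroll:write"})
        blocked = False
    except PermissionError:
        blocked = True  # not in alice's administrator-approved set
    m.revoke("alice", "D1")
    return before, blocked, m.delegated_perms("bob")
```

The delegator never edits `delegatable`, so widening the delegatable set remains an administrative action while day-to-day delegation stays with the user.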