Constrained role-based delegation

Longhua Zhang, Gail-Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Delegation is a promising alternative to traditional role administration paradigms in role-based systems. It empowers users to exercise discretion in how they use resources, as in discretionary access control (DAC). Unlike the anarchy of DAC, in role-based access control (RBAC) higher-level organizational policies can be specified on roles to regulate users' actions. Delegations and revocations are thus governed by these authorization policies. In this paper, we propose a policy approach for specifying and enforcing delegation authorizations. We present a mechanism for constructing authorization policies using a set of rules. Our rule-based language is flexible and powerful enough to specify and enforce authorization constraints. In addition, rules can also be used to define exceptions for future actions and resolve possible conflicts.

Original language: English (US)
Title of host publication: IFIP Advances in Information and Communication Technology
Publisher: Springer New York LLC
Pages: 289-300
Number of pages: 12
Volume: 122
ISBN (Print): 9781475764895
DOI: https://doi.org/10.1007/978-0-387-35691-4
State: Published - 2003
Externally published: Yes
Event: IFIP TC11 18th International Conference on Information Security, SEC 2003 - Athens, Greece
Duration: May 26 2003 to May 28 2003

Publication series

Name: IFIP Advances in Information and Communication Technology
Volume: 122
ISSN (Print): 18684238

Other

Other: IFIP TC11 18th International Conference on Information Security, SEC 2003
Country: Greece
City: Athens
Period: 5/26/03 to 5/28/03

Keywords

  • Access control
  • Authorization constraints
  • Role-based delegation

ASJC Scopus subject areas

  • Information Systems and Management

Cite this

Zhang, L., & Ahn, G-J. (2003). Constrained role-based delegation. In IFIP Advances in Information and Communication Technology (Vol. 122, pp. 289-300). (IFIP Advances in Information and Communication Technology; Vol. 122). Springer New York LLC. https://doi.org/10.1007/978-0-387-35691-4
