Constrained role-based delegation

Longhua Zhang, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


Delegation is a promising alternative to traditional role administration paradigms in role-based systems. It empowers users to exercise discretion in how they use resources as it is in discretionary access control (DAC). Unlike the anarchy of DAC, in role-based access control (RBAC) higher-level organizational policies can be specified on roles to regulate users' actions. Delegations and revocations are thus governed by these authorization policies. In this paper, we propose a policy approach for specifying and enforcing delegation authorizations. We present a mechanism for constructing authorization policies using a set of rules. Our rule-based language is flexible and powerful enough to specify and enforce authorization constraints. In addition, rules can also be used to define the exceptions for future actions and resolve possible conflicts.

Original language: English (US)
Title of host publication: Security and Privacy in the age of Uncertainty - IFIP TC11 18th International Conference on Information Security, SEC 2003
Publisher: Springer New York LLC
Number of pages: 12
ISBN (Print): 9781475764895
State: Published - 2003
Externally published: Yes
Event: IFIP TC11 18th International Conference on Information Security, SEC 2003 - Athens, Greece
Duration: May 26 2003 - May 28 2003

Publication series

Name: IFIP Advances in Information and Communication Technology
ISSN (Print): 1868-4238


Other: IFIP TC11 18th International Conference on Information Security, SEC 2003


  • Access control
  • Authorization constraints
  • Role-based delegation

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management
