Journal of Computers, Vol 5, No 6 (2010), 861-869, Jun 2010
doi:10.4304/jcp.5.6.861-869

An Auto-revocation Supported Delegation Model

Chunxiao Ye, Xiang Li

Abstract


We have proposed an Attribute-Based Delegation Model (ABDM), in which a delegatee must satisfy both the delegation prerequisite condition (CR) and the delegation attribute expression (DAE) when assigned to a delegation role. ABDM introduces auto revocation mechanisms to support two new types of auto revocation, both different from existing revocations: revocation triggered by a change in the user’s delegation attribute expression, and revocation triggered by a change in the delegated permission’s delegation attribute expression. ABDM supports auto revocation triggered by time as well. This paper also discusses the system cost of auto revocation and the security of multi-step delegation. An auto revocation algorithm and a system architecture are proposed at the end of this paper.


Keywords


information security, access control, delegation, auto revocation, attribute



Journal of Computers (JCP, ISSN 1796-203X)
