Ezedin Barka
United Arab Emirates University
United Arab Emirates

Ravi Sandhu
George Mason University
USA

The basic idea behind delegation is that some active entity in a system delegates authority to another active entity in order to carry out some functions on behalf of the former. User delegation in RBAC is the ability of one user (called the delegating user) who is a member of the delegated role to authorize another user (called the delegate user) to become a member of the delegated role. This paper introduces a new model, which we consider it to be an extension of RBDM0 [BS2000 ].

The central contribution of this paper is to introduce a new model, referred to as RBDM1 (Role-Based Delegation Model/ Hierarchical Roles), that uses the details from RBDM0, which was described in the literature by barka and Sandhu [BS2000] to address the temporary delegation based on hierarchical roles. We formally defined a role-based delegation model based on hierarchical relationship between the roles involved. We also identified the different semantics that impact the can-delegate relation, we analyzed these semantics to determine which ones we consider as more appropriate in business today, thus allowed in our model, and provided a justification to why those selections are made

Keywords: Access Control, RBAC, Delegation, Revocations, Delegation Models

Read Paper (in PDF)