Issue No. 10 - October (2011 vol. 23)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TKDE.2010.205
He Wang , The University of Western Ontario, London
Sylvia L. Osborn , The University of Western Ontario, London
Delegation in access control is used to deal with exceptional circumstances, when a regular user is unable to perform their normal job and delegates all or part of it to others. These situations can be anticipated and built into the security design as static delegation; however, unforseen circumstances can still occur requiring dynamic delegation to be specified at runtime. This paper presents both static and dynamic delegation in the context of the Role Graph Model. To properly capture runtime events, we add sessions to the RGM. We then introduce session-oriented, dynamic delegation, a new concept in RBAC models, using an edge-labeling method. Constraints applicable to both static and dynamic delegation are examined.
Access controls, security, integrity, and protection.
H. Wang and S. L. Osborn, "Static and Dynamic Delegation in the Role Graph Model," in IEEE Transactions on Knowledge & Data Engineering, vol. 23, no. , pp. 1569-1582, 2010.