Revocation in an Attribute-Based Delegation Model

Abstract

Attribute-based delegation model (ABDM) is a secured and flexible delegation model with an extended delegation constraint. Delegation attribute expressions can be changed in delegation, which induces an automatic revocation in ABDM. In this revocation, delegated permissions can be removed from users automatically according to dominance relation among DAEs of users and delegated permissions. Automatic revocation thus relieves the administrative efforts of delegator or system administrator in revocation. For a better flexibility, ABDM also supports revocation by delegator or system administrator. This paper also discusses some revocation modes of automatic revocation.