基于属性的委托模型及其扩展

J. Res. Pract. Inf. Technol. Pub Date : 1900-01-01 DOI:10.5220/0002560401460159

Chunxiao Ye, Zhongfu Wu, Yunqing Fu

{"title":"基于属性的委托模型及其扩展","authors":"Chunxiao Ye, Zhongfu Wu, Yunqing Fu","doi":"10.5220/0002560401460159","DOIUrl":null,"url":null,"abstract":"In existing delegation models, delegation security entirely depends on delegators and security administrators, for delegation constraint in these models is only a prerequisite condition. This paper proposes an Attribute-Based Delegation Model (ABDM) with an extended delegation constraint consisting of both delegation attribute expression (DAE) and delegation prerequisite condition (CR). In ABDM, a delegatee must satisfy delegation constraint (especially DAE) when assigned to a delegation role. With delegation constraint, a delegator can restrict the delegatee candidates more strictly. ABDM relieves delegators and security administrators of security management work in delegation. In ABDM, a delegator is not allowed to temporarily delegate permissions to a person who does not satisfy the delegation constraint. To guarantee its flexibility and security, an extension of ABDM named ABDMX is proposed. In ABDMX, a delegator can delegate some high level permissions to low level delegatee candidates temporarily, but not permanently.","PeriodicalId":309011,"journal":{"name":"J. Res. Pract. Inf. Technol.","volume":"67 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"25","resultStr":"{\"title\":\"An Attribute-Based Delegation Model and Its Extension\",\"authors\":\"Chunxiao Ye, Zhongfu Wu, Yunqing Fu\",\"doi\":\"10.5220/0002560401460159\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In existing delegation models, delegation security entirely depends on delegators and security administrators, for delegation constraint in these models is only a prerequisite condition. This paper proposes an Attribute-Based Delegation Model (ABDM) with an extended delegation constraint consisting of both delegation attribute expression (DAE) and delegation prerequisite condition (CR). In ABDM, a delegatee must satisfy delegation constraint (especially DAE) when assigned to a delegation role. With delegation constraint, a delegator can restrict the delegatee candidates more strictly. ABDM relieves delegators and security administrators of security management work in delegation. In ABDM, a delegator is not allowed to temporarily delegate permissions to a person who does not satisfy the delegation constraint. To guarantee its flexibility and security, an extension of ABDM named ABDMX is proposed. In ABDMX, a delegator can delegate some high level permissions to low level delegatee candidates temporarily, but not permanently.\",\"PeriodicalId\":309011,\"journal\":{\"name\":\"J. Res. Pract. Inf. Technol.\",\"volume\":\"67 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"25\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"J. Res. Pract. Inf. Technol.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5220/0002560401460159\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"J. Res. Pract. Inf. Technol.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5220/0002560401460159","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 25

摘要

在现有的委托模型中，委托安全性完全取决于委托者和安全管理员，因为这些模型中的委托约束只是一个先决条件。本文提出了一种基于属性的授权模型(ABDM)，该模型扩展了授权约束，包括授权属性表达式(DAE)和授权前提条件(CR)。在ABDM中，被委派者在分配给委派角色时必须满足委派约束(尤其是DAE)。有了委托约束，委托方可以更严格地限制被委托候选人。ABDM减轻了委托方和安全管理员在委托中的安全管理工作。在ABDM中，不允许委托方将权限临时委托给不满足委托约束的人员。为了保证ABDM的灵活性和安全性，提出了ABDMX的扩展。在ABDMX中，委托方可以暂时将一些高级权限委托给低级委托候选人，但不能永久地这样做。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An Attribute-Based Delegation Model and Its Extension

In existing delegation models, delegation security entirely depends on delegators and security administrators, for delegation constraint in these models is only a prerequisite condition. This paper proposes an Attribute-Based Delegation Model (ABDM) with an extended delegation constraint consisting of both delegation attribute expression (DAE) and delegation prerequisite condition (CR). In ABDM, a delegatee must satisfy delegation constraint (especially DAE) when assigned to a delegation role. With delegation constraint, a delegator can restrict the delegatee candidates more strictly. ABDM relieves delegators and security administrators of security management work in delegation. In ABDM, a delegator is not allowed to temporarily delegate permissions to a person who does not satisfy the delegation constraint. To guarantee its flexibility and security, an extension of ABDM named ABDMX is proposed. In ABDMX, a delegator can delegate some high level permissions to low level delegatee candidates temporarily, but not permanently.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

J. Res. Pract. Inf. Technol.

自引率

0.00%

发文量