Multi-Granular Licences to Decentralize Security Administration

There has been for several years a growing interest in defining new access control models and administration facilities for these models. Several models have observed that only structuring the model using the concept of roles as in RBAC is not sufficient to administer decentralized enterprises. These models have suggested to consider new concepts such as organization (as in OrBAC) or domain (as in GTRBAC) that make it easier to establish secured entreprise communications. In this paper, we suggest a self and decentralized object-oriented administration model built on the concept of organization. This model is merely based on two mechanisms: confinement and licence. Confinement restricts the authority of a subject to the organization (or sub-organizations) to which this subject has been assigned administration privileges. Licence introduces multi grain and contextual administration facility. It is used to define administration and delegation privileges, to whom they are assigned, in which context they became effective and the scope of each of them.