Delegation Constraint Management Delegation Constraint Management
نویسندگان
چکیده
The paper addresses the issue of providing access control via delegation and constraint management across multiple security domains. Specifically, this paper proposes a novel Delegation Constraint Management model to manage and enforce delegation constraints across security domains. An algorithm to trace the authority of delegation constraints is introduced as well as an algorithm to form a delegation constraint set and detect/prevent potential conflicts. The algorithms and the management model are built upon a set of formal definitions of delegation constraints. In addition, a constraint profile based on XACML is proposed as a means to express the delegation constraint. The paper also includes a protocol to exchange delegation constraints (in the form of user commitments) between the involved entities in the delegation process.
منابع مشابه
An Attribute-Based Delegation Model and Its Extension
In existing delegation models, delegation security entirely depends on delegators and security administrators, for delegation constraint in these models is only a prerequisite condition. This paper proposes an Attribute-Based Delegation Model (ABDM) with an extended delegation constraint consisting of both delegation attribute expression (DAE) and delegation prerequisite condition (CR). In ABDM...
متن کاملDelegation in Tree-search for Distributed Constraint Satisfaction
We introduce the idea of delegation in distributed tree-search, as a method to reduce the communication overhead when solving Distributed Constraint Satisfaction Problems (DisCSPs). With delegation, an agent can eliminate some direct forward links to child neighbours and choose intermediaries for communicating with such children. We present an algorithm which constructs long delegation paths au...
متن کاملTowards Secure Delegation with Chinese Wall Security Policy (CWSP)
Chinese Wall Security Policy (CWSP) is a widely applied access control policy in many fields, especially in commercial world. Delegation is one of the hot topics of access control technologies. Delegation with CWSP means delegation must satisfy not only delegation constrains but CWSP as well. There exist many delegation models, such as RBDM, RDM2000 and PBDM et al, but few focus on it. This pap...
متن کاملTime Constraint Delegation for P2P Data Decryption
Large amount of digital content would be stored safely in peer-to-peer network, with encrypted format. Being requested, a cipher text is downloaded from certain peer and decrypted by a delegated decryptor to obtain the clear text. Observing the need for this new kind of delegation decryption service, we propose a novel time constraint delegation scheme for decrypting p2p data in this paper. The...
متن کاملComprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL
Context. Role-based access control (RBAC) has become the de facto standard for access management in various large-scale organizations. Often rolebased policies must implement organizational rules to satisfy compliance or authorization requirements, e.g., the principle of separation of duty (SoD). To provide business continuity, organizations should also support the delegation of access rights a...
متن کامل