Hemanth Khambhammettu scite author profile

2007

Int. J. Inf. Secur.

Abstract. User delegation is a mechanism for assigning access rights available to a user to another user. A delegation operation can either be a grant or transfer operation. Delegation for role-based access control models have extensively studied grant delegations. However, transfer delegations for role-based access control have largely been ignored. This is largely because enforcing transfer delegation policies is more complex than grant delegation policies. This paper, primarily, studies transfer delegations for role-based access control models. We also include grant delegations in our model for completeness. We present various mechanisms that authorise delegations in our model. In particular, we show that the use of administrative scope for authorising delegations is more efficient than using relations. We also discuss the enforcement and revocation of delegations. Finally, we compare our work with relevant work in the literature.

show abstract

Delegation in Role-Based Access Control

2006

show abstract

Delegation and satisfiability in workflow systems

2008

Supporting delegation mechanisms in workflow systems is receiving increasing interest from the research community. An important requirement of a constrained workflow is to guarantee the satisfiability of the workflow, which requires that some set of authorized users can complete a workflow. Typically, any mechanism that is used to establish the satisfiability of a workflow is based on the workflow specification and the user authorization information. The effect of a successful user delegation request is to change the user authorization information, thereby affecting the satisfiability of the workflow.Existing work on delegation in workflows does not consider the satisfiability of the workflow. In this paper, we address the satisfiability problem of workflows, while supporting user delegation mechanisms, in the context of three different workflow execution models. We consider delegation of concrete tasks, abstract tasks and roles. We present algorithms for evaluating various delegation requests in each workflow execution model.

show abstract

A framework for risk assessment in access control systems

Boulares

Adi

et al. 2013

Computers & Security

On delegation and workflow execution models

2008