The Research And Design Of Role-based Delegation Model

Authorization delegation is one of important features of a flexible access control model. In this paper, we discuss some drawbacks of the existing role-based delegation models, and then by introducing the idea of using RBAC itself to manage RBAC, we propose a new self-administrative sub-role based delegation model ASRBDM on the basis of PBDM. It deals with user-to-user delegation and role-to-role delegation. It supports flexible delegation by dividing a role into sub-roles according to characteristics of permissions assigned to the role and considering delegation and inheritance simultaneously. It provides flexibility in authority management such as partial delegation, permission level delegation and restricted inheritance. The new delegation model sets up more convenient and flexible authorization and delegation mechanisms, and will be extensively used in decentralizing network and workflow management systems. To attest the effectiveness and usefulness of the delegation model, the paper also designs a sub-role based authorization delegation system (ADS) to support authorization and delegation simultaneously based upon the proposed ASRBDM model. The ADS extends PMI system and supports flexible role and permission level authorization delegation, and effectively simplifies the privilege management infrastructure.First of all, theories of delegation and PMI were studied in this thesis. Several typical delegation models were researched in detail. Secondly, based on the researches on the current role-based delegation models, a new self-administrative sub-role based delegation model ASRBDM is presented. Thirdly, in order to attest the effectiveness and usefulness of the delegation model, we also attempted to implement an authorization delegation system which supports authorization and delegation simultaneously. Finally, test both the prototype system and access control application in some bank operation system, and also analyze the testing results.Currently researches on the role-based delegation model still stay around the theories stage and applications supporting authorization delegation are rarely. The presented ASRBDM model and authorization delegation system (ADS) can support flexible delegation by including sub-role hierarchies concept and integrate user-to-user delegation with role-to-role delegation. Thus authorization and delegation mechanisms become more convenient and flexible. The system makes beneficial research on multi-application system platform integrated PMI and it has an important application value in distributed network application system, WFMS and database system.