
Profile Delegation Based On A Symmetric RBAC Model In A Trust Management System

Posted on: 2010-09-16 | Degree: Master | Type: Thesis
Country: China | Candidate: S Pei | Full Text: PDF
GTID: 2178360278969292 | Subject: Computer application technology
Abstract/Summary:
Authorization in trust management systems is more expressive than in traditional access control systems such as role-based access control (RBAC); security in modern distributed systems uses more sophisticated features (such as delegation) and policies (such as separation of duty). Trust Management Systems (TMSs) in practice comprise three major components: the authorization decision, certificate storage and retrieval, and trust negotiation. In this document, the authorization decision is taken as the principal component to be analyzed, and a symmetric model for delegation based on a profile delegation structure is proposed.

The structure is organized in pools such as users, groups, roles, functions and data, with role-group, role-role and group-group relations; finally, the delegation and revocation algorithms have been developed to complete the robust components. These algorithms use variables such as expiration time, constraints, the state of the delegation, depth and private key, giving the system more flexibility, scalability and ease of maintenance.

A mathematical model has been proposed as the basis of the profile delegation model; its variables cover all the cases in which many users act and need rights over many privileges, at any time, in any place and in any circumstance. UML has been applied to design the architecture of the model, using use case, class and state diagrams. The model has been implemented on an Oracle database and the Unix operating system.

When a delegation occurs, it is registered by setting its variables in the profile, validating the new parameters of the delegation and associating them as a new branch of the delegation. The profile is important for healthy revocation and cascading delegation over time. A revocation request loads all the parameters that refer to the path to be revoked. When revocation occurs, two cases have been analyzed: all permissions are removed (total revocation), or only some of the permissions need to be revoked (partial revocation). The implementation has shown that the model is ready to be audited against key indicators such as flexibility, scalability, availability and easy maintenance in a network. It is certain that every user can access only the information authorized through the permissions associated with them, according to the policy of the organization.

The profile delegation manages the delegation and revocation path, making it possible to delegate a number of functions and users to roles and groups respectively. The profile is a powerful tool that lets the administrator know exactly how and when a delegation happened, and shows how to revoke any node at any time in the whole system.

The profile delegation based on a symmetric RBAC model in a trust management system is a robust model for ensuring and controlling user access in a system. The model offers symmetric properties that reduce the effort of its development and the cost of its implementation. The profile is the key of the model for auditing, scalability, availability and maintenance. The model ensures that an authorized user receives adequate information at the correct time and with the best quality.
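A small sketch of the delegation profile the abstract describes, added here as an illustration and not taken from the thesis: each delegation is a branch carrying expiration, depth and state, and total or partial revocation cascades down the path. All class, function and field names are assumptions, as is the rule that a branch can never exceed or outlive its parent.

```python
from dataclasses import dataclass, field

@dataclass
class Delegation:                      # one branch of the (hypothetical) profile
    delegator: str
    delegatee: str
    permissions: set
    expires_at: float                  # expiration time, seconds
    depth: int                         # re-delegation hops still allowed
    state: str = "active"              # "active" or "revoked"
    children: list = field(default_factory=list)

def delegate(parent, delegatee, permissions, expires_at):
    """Validate the new parameters against the parent, then register the branch."""
    perms = set(permissions)
    if parent.state != "active":
        raise PermissionError("parent delegation is not active")
    if parent.depth < 1:
        raise PermissionError("delegation depth exhausted")
    if not perms or not perms <= parent.permissions:
        raise PermissionError("can only delegate permissions the parent holds")
    child = Delegation(parent.delegatee, delegatee, perms,
                       min(expires_at, parent.expires_at), parent.depth - 1)
    parent.children.append(child)
    return child

def revoke(node, permissions=None):
    """Total revocation if permissions is None, otherwise partial; cascades."""
    removed = set(node.permissions) if permissions is None else set(permissions) & node.permissions
    node.permissions -= removed
    if not node.permissions:
        node.state = "revoked"
    for child in node.children:        # follow the delegation path downwards
        revoke(child, removed)

def effective(node, now):
    """Permissions usable at time `now`; empty once revoked or expired."""
    if node.state != "active" or now >= node.expires_at:
        return set()
    return set(node.permissions)

if __name__ == "__main__":             # constructed sample profile
    root = Delegation("admin", "alice", {"read", "write", "approve"}, 1000.0, 2)
    bob = delegate(root, "bob", {"read", "write"}, 2000.0)
    carol = delegate(bob, "carol", {"read"}, 500.0)
    revoke(bob, {"read"})              # partial: bob keeps write, carol loses all
    print(effective(bob, 100.0), carol.state)
```

Because every branch is recorded with its parent, an auditor can walk the same tree to see who delegated what and when a right stopped being usable.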
Keywords/Search Tags: Security, Role Based Access Control, Delegation, Revocation, Profile