Agent Role-based Permissions Model And Its Implementation

Compared with traditional DAC and MAC models, Role-Based Access Control (RBAC) Model can provide better flexibility and scalability, and is now days the best and most popular access control model.In current role-based systems, security officers handle assignments of users to roles. However, fully depending on this functionality may increase management efforts in a large-scale, highly distributed environment because of the continuous involvement from security officers. The emerging technology of role-based delegation provides a means for implementing RBAC in a fully distributed environment with empowerment of individual users. The basic idea behind a role-based delegation is that users themselves may delegate role authorities to other users to carry out some functions on behalf of the former. Delegation is a necessary approach to enhance the scalability of a distributed system since it enables decentralization of administration tasks.Delegation is an indispensability part for access control model and it is very important for secure distributed computing environment. It also has been become a hot research topic in the area of access control authorization. A completeness access control system must have function of role delegation. In a distributed system, network, large-scale system, cooperative computation, authorization delegation among different users play a main role in the flexible and high efficient working of access control.Based on several typical role-based delegation models, this paper presents a role-based delegation model called SBDM (SPC-based delegation model, SBDM), which is an extension of RBAC96 and RDM2000. And the paper makes a study of SBDM application framework which realizes SBDM stereotype. It contains:(1) In respects of delegation granularity, delegation depth, delegation polices and revocation, several typical role-based delegation models are in analysis, and the difference between them are also presented.(2) Makes an improvement on RBDMO and RBDM1 presented by E.Barka to impose more flexibility on constraints of delegation users. And gives two corresponding role delegation models of RBAC2 and RBAC3 in RBAC96, and then analyzes role delegation among users in the two systems.