OS-DRAM: A delegation administration model in a decentralized enterprise environment

Abstract

In this paper, we propose an effective delegation administration model using the organizational structure. From a user-level delegation point of view, previous delegation models built on the (Administrative) Role-Based Access Control model cannot present the best solution to security problems such as the leakage of information and the abuse of delegation in a decentralized enterprise environment. Thus, we propose a new integrated management model of administration role-based access control model and delegation policy, which is called the OS-DRAM. This defines the authority range in an organizational structure that is separated from role hierarchy and supports a clear criterion for user-level delegation administration. Consequently, the OS-DRAM supports a decentralized user-level delegation policy in which a regular user can freely delegate his/her authority to other users within a security officer's authority range with-out the security officer's intervention. © Springer-Verlag Berlin Heidelberg 2006.