Role delegation in role-based access control

Abstract

In distributed-computing environments, applications or users have to share resources and communicate with each other to perform their jobs more efficiently. For better performance, it is important to keep resources and the information integrity from the unexpected use by unauthorized user. Therefore, there is a strong demand for the authentication and the access control of distributed-shared resources. Nowadays, three kinds of access control, discretionary access control (DAC) mandatory access control (MAC) and role-based access control (RBAC) have been proposed. In RBAC, there are role hierarchies in which a senior role can perform the permission of a junior role. However, it is sometimes necessary for a junior role to perform a senior role's permission, which is not allowed basically by a junior role. In this paper, we will propose a role delegation method, consisting of a role delegation server, and a role delegation protocols. We divide the delegation into two by the triggered object: active delegation and passive delegation. Consequently, a junior role can gain a senior role's permissions.