%0 Journal Article
%T An Auto-revocation Supported Delegation Model
%A Chunxiao Ye
%A Xiang Li
%J Journal of Computers
%D 2010
%I Academy Publisher
%R 10.4304/jcp.5.6.861-869
%X We have proposed an Attribute-Based Delegation Model (ABDM), in which delegatee must satisfy both delegation prerequisite condition (CR) and delegation attribute expression (DAE) when assigned to a delegation role. ABDM introduce some auto revocation mechanics to support two new types of auto revocation: revocation triggered by the change of user¡¯s delegation attribute expression and revocation triggered by the change of delegated permission¡¯s delegation attribute expression, which are different from existing revocations. ABDM supports auto revocation triggered by time. This paper also discusses system cost of auto revocation and security of multi-step delegation. An auto revocation algorithm and a system architecture are proposed in the end of this paper.
%K information security
%K access control
%K delegation
%K auto revocation
%K attribute
%U http://ojs.academypublisher.com/index.php/jcp/article/view/2641