X-RDR: A role-based delegation processor for Web-based information systems

Shihyu Chou; Eric Jui Lin Lu; Yi Hui Chen

doi:10.1145/1044552.1044553

X-RDR: A role-based delegation processor for Web-based information systems

Shihyu Chou^*, Eric Jui Lin Lu, Yi Hui Chen

^*Corresponding author for this work

Research output: Contribution to journal › Journal Article › peer-review

4 Scopus citations

Abstract

Although Web-based information systems (WISs) have been widely used by enterprises to accomplish business tasks through the Internet, there is little research on designing a flexible access control and delegation model for WISs. In this paper, we design a user-to-user and role-to-role delegation model (called X-RDR model) for WISs. The authorization and delegation policies are encoded in XML and the granularity of control can be as small as a text-field or button. Additionally, the proposed model supports single-step delegation, multi-step delegation, multiple delegation, partial delegation, separation of duties, and cascading revocation. A prototype was also implemented to demonstrate the feasibility of the proposed model.

Original language	English
Pages (from-to)	4-21
Number of pages	18
Journal	Operating Systems Review (ACM)
Volume	39
Issue number	1
DOIs	https://doi.org/10.1145/1044552.1044553
State	Published - 2005
Externally published	Yes

Keywords

Delegation
Granular access control
WIS
XML

Access to Document

10.1145/1044552.1044553

Cite this

@article{859efc1d611b438084b5c66774261f5f,

title = "X-RDR: A role-based delegation processor for Web-based information systems",

abstract = "Although Web-based information systems (WISs) have been widely used by enterprises to accomplish business tasks through the Internet, there is little research on designing a flexible access control and delegation model for WISs. In this paper, we design a user-to-user and role-to-role delegation model (called X-RDR model) for WISs. The authorization and delegation policies are encoded in XML and the granularity of control can be as small as a text-field or button. Additionally, the proposed model supports single-step delegation, multi-step delegation, multiple delegation, partial delegation, separation of duties, and cascading revocation. A prototype was also implemented to demonstrate the feasibility of the proposed model.",

keywords = "Delegation, Granular access control, WIS, XML",

author = "Shihyu Chou and Lu, {Eric Jui Lin} and Chen, {Yi Hui}",

year = "2005",

doi = "10.1145/1044552.1044553",

language = "英语",

volume = "39",

pages = "4--21",

journal = "Operating Systems Review (ACM)",

issn = "0163-5980",

publisher = "Association for Computing Machinery (ACM)",

number = "1",

}

TY - JOUR

T1 - X-RDR

T2 - A role-based delegation processor for Web-based information systems

AU - Chou, Shihyu

AU - Lu, Eric Jui Lin

AU - Chen, Yi Hui

PY - 2005

Y1 - 2005

N2 - Although Web-based information systems (WISs) have been widely used by enterprises to accomplish business tasks through the Internet, there is little research on designing a flexible access control and delegation model for WISs. In this paper, we design a user-to-user and role-to-role delegation model (called X-RDR model) for WISs. The authorization and delegation policies are encoded in XML and the granularity of control can be as small as a text-field or button. Additionally, the proposed model supports single-step delegation, multi-step delegation, multiple delegation, partial delegation, separation of duties, and cascading revocation. A prototype was also implemented to demonstrate the feasibility of the proposed model.

AB - Although Web-based information systems (WISs) have been widely used by enterprises to accomplish business tasks through the Internet, there is little research on designing a flexible access control and delegation model for WISs. In this paper, we design a user-to-user and role-to-role delegation model (called X-RDR model) for WISs. The authorization and delegation policies are encoded in XML and the granularity of control can be as small as a text-field or button. Additionally, the proposed model supports single-step delegation, multi-step delegation, multiple delegation, partial delegation, separation of duties, and cascading revocation. A prototype was also implemented to demonstrate the feasibility of the proposed model.

KW - Delegation

KW - Granular access control

KW - WIS

KW - XML

UR - http://www.scopus.com/inward/record.url?scp=33750859363&partnerID=8YFLogxK

U2 - 10.1145/1044552.1044553

DO - 10.1145/1044552.1044553

M3 - 文章

AN - SCOPUS:33750859363

SN - 0163-5980

VL - 39

SP - 4

EP - 21

JO - Operating Systems Review (ACM)

JF - Operating Systems Review (ACM)

IS - 1

ER -

X-RDR: A role-based delegation processor for Web-based information systems

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this