Strategies for Incorporating Delegation into Attribute-Based Access Control (ABAC)

  • Daniel ServosEmail author
  • Sylvia L. Osborn
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10128)


Attribute-Based Access Control (ABAC) is an emerging model of access control that has gained significant interest in both recent academic literature and industry application. However, to date there have been almost no attempts to incorporate the concept of dynamic delegation into ABAC. This work lays out a number of possible strategies for incorporating delegation into existing ABAC models and discusses the potential trade-offs associated with each strategy. Delegation strategies are categorized into families that share a number of similar properties. It is our hope that this preliminary work will aid in future ABAC based delegation research by identifying and detailing the challenges and opportunities intrinsic to each method of integrating delegation.


  1. 1.
    Barka, E., Sandhu, R. et al.: A role-based delegation model and some extensions. In: NISSC 2000, pp. 396–404 (2000)Google Scholar
  2. 2.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: SP 2007, pp. 321–334 (2007)Google Scholar
  3. 3.
    Bijon, K.Z., Krishman, R., Sandhu, R.: Constraints specification in attribute based access control. Science 2(3), 131–144 (2013)Google Scholar
  4. 4.
    Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. Science 4(3), 224–274 (2001)Google Scholar
  5. 5.
    Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-31540-4_4 CrossRefGoogle Scholar
  6. 6.
    Servos, D., Mohammed, S., Fiaidhi, J., Kim, T.: Extensions to Ciphertext-policy attribute-based encryption to support distributed environments. Science 47(2–3), 215–226 (2013)Google Scholar
  7. 7.
    Servos, D., Osborn, S.L.: HGABAC: towards a formal model of hierarchical attribute-based access control. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 187–204. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-17040-4_12 Google Scholar
  8. 8.
    Turner, S., Housley, R. et al.: An Internet Attribute Certificate Profile for Authorization. RFC 5755, January 2010Google Scholar
  9. 9.
    Wang, H., Osborn, S.L.: Static and dynamic delegation in the role graph model. Science 23(10), 1569–1582 (2011)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.The University of Western OntarioLondonCanada

Personalised recommendations