Revocation Schemes for Delegation Licences
- Cite this paper as:
- Ben-Ghorbel-Talbi M., Cuppens F., Cuppens-Boulahia N., Bouhoula A. (2008) Revocation Schemes for Delegation Licences. In: Chen L., Ryan M.D., Wang G. (eds) Information and Communications Security. ICICS 2008. Lecture Notes in Computer Science, vol 5308. Springer, Berlin, Heidelberg
The paper presents revocation schemes in role-based access control models. We are particularly interested in two key issues: how to perform revocation and how to manage the revocation policy. We show how to deal with these two aspects in the delegation model based on the OrBAC formalism and its administration licence concept. This model provides means to manage several delegation types, such as the delegation or transfer of permissions and roles, multi-step delegation and temporary delegation. We state formally in this paper how to manage the revocation of these delegation schemes. Our model supports a wide spectrum of revocation dimensions such as propagation, dominance, dependency, automatic/user revocation, transfer revocation and role/permission revocation.