Role-based access control (RBAC) is recognized as an efficient access control model, and its delegation authority has been proved to be flexible and useful for information sharing in distributed environments. In today's highly dynamic distributed systems, collaboration is necessary for information sharing with others, so a user may want to delegate a collection of permissions, named an ability, to another user or to all members of a group. Based on this fact, this paper builds a new ability-based delegation model (ABDM) within RBAC and develops its delegation algorithm. The framework includes both ability-based user-user delegation and user-group delegation. Further, we analyze delegation granting and revocation authorization. Compared with other existing delegation models, this ability-based delegation model provides great flexibility in authority management.