TY - JOUR
T1 - Resolving conflicts in authorization delegations
AU - Ruan, Chun
AU - Varadharajan, Vijay
PY - 2002
Y1 - 2002
N2 - In this paper, we first discuss some drawbacks of the existing conflict authorization resolution methods when access rights are delegated, and then propose a flexible authorization model to deal with the conflict resolution problem with delegation. In our model, conflicts are classified into comparable and incomparable ones. With comparable conflicts, the conflicts come from the grantors that have grant connectivity relationship with each other, and the predecessor’s authorizations will always take precedence over the successor’s. In this way, the access rights can be delegated but the delegation can still be controlled. With incomparable conflicts, the conflicts come from the grantors that do not have grant connectivity relationship with each other. Multiple resolution policies are provided so that users can select the specific one that best suits their requirements. In addition, the overridden authorizations are still preserved in the system and they can be reactivated when other related authorizations are revoked or the policy for resolving conflicts is changed. We give a formal description of our model and describe in detail the algorithms to implement the model. Our model is represented using labelled digraphs, which provides a formal basis for proving the semantic correctness of our model.
AB - In this paper, we first discuss some drawbacks of the existing conflict authorization resolution methods when access rights are delegated, and then propose a flexible authorization model to deal with the conflict resolution problem with delegation. In our model, conflicts are classified into comparable and incomparable ones. With comparable conflicts, the conflicts come from the grantors that have grant connectivity relationship with each other, and the predecessor’s authorizations will always take precedence over the successor’s. In this way, the access rights can be delegated but the delegation can still be controlled. With incomparable conflicts, the conflicts come from the grantors that do not have grant connectivity relationship with each other. Multiple resolution policies are provided so that users can select the specific one that best suits their requirements. In addition, the overridden authorizations are still preserved in the system and they can be reactivated when other related authorizations are revoked or the policy for resolving conflicts is changed. We give a formal description of our model and describe in detail the algorithms to implement the model. Our model is represented using labelled digraphs, which provides a formal basis for proving the semantic correctness of our model.
UR - http://www.scopus.com/inward/record.url?scp=84947436665&partnerID=8YFLogxK
U2 - 10.1007/3-540-45450-0_22
DO - 10.1007/3-540-45450-0_22
M3 - Article
AN - SCOPUS:84947436665
SN - 0302-9743
VL - 2384
SP - 271
EP - 285
JO - Agents for Games and Simulations II
JF - Agents for Games and Simulations II
ER -