Number of Authors: 3
2002 (English)Conference paper (Refereed)
Sometimes it is useful to be able to separate between the management of a set of resources, and the access to the resources themselves. Current accounts of delegation do not allow such distinctions to be easily made, however. We introduce a new model for delegation to address this issue. The approach is based on the idea of controlling the possible shapes of delegation chains. We use constraints to restrict the capabilities at each step of delegation. Constraints may reflect e.g. group memberships, timing constraints, or dependencies on external data. Regular expressions are used to describe chained constraints. We present a number of example delegation structures, based on a scenario of collaborating organisations.
Place, publisher, year, edition, pages
2002, 1. , 12 p.
Computer and Information Science
IdentifiersURN: urn:nbn:se:ri:diva-22505OAI: oai:DiVA.org:ri-22505DiVA: diva2:1042070
Proceedings of IEEE Symposium on Security and Privacy