摘要
支持属性的委托模型(ABDM)中,受托者必须同时满足委托先决条件(CR)和委托属性表达式(DAE)才能获得委托权限或角色。在该模型中,委托撤销完成将委托出去的权限收回到委托者处的工作。首先介绍了ABDM提出的两种新的撤销模式及其带来的多步委托中委托与撤销的优先级问题。然后详细讨论了委托与撤销的关系,对两种解决办法:"先来先响应"和"先撤销后委托"进行了分析,提出了两种方法的适应场合。
In Attribute Supported Delegation Model (ABDM), delegatee must satisfy both delegation prerequisite condition (CR) and delegation attribute expression (DAE) when assigned to a delegation role. In ABDM, revocation focuses on how to revoke those delegated roles or permissions from delegatee. This paper first introduced two new sorts of revocations,which bring about priority between multi-step delegation and revocation. Then analyzed the relation between delegation and revocation and proposed two solutions:" first request first response" and "revocation first then delegation". We also discussed different situations fitting these two solutions.
出处
《计算机科学》
CSCD
北大核心
2010年第6期217-219,共3页
Computer Science
基金
国家自然科学基金(No.60803027)资助
关键词
访问控制
RBAC
委托
撤销
属性
Access control, RBAC, Delegation, Revocation, Attribute