Research on Delegation Authorization Model Based on TRBAC and Attribute
The task-role-based access control (TRBAC) model, widely used in workflow environments, does not support delegation strategies and does not consider the characteristics of the entities in the system. To meet the requirements of delegation in the workflow environment, this paper proposes a delegation model called the TRBAC-and-Attribute-based Delegation (TRABD) model. The TRABD model introduces the concepts of delegation and attribute to the TRBAC model. To improve the security of the delegation process, delegation constraints in the TRABD model consist of not only the delegation condition role (CR), but also the attribute constraint (ATC), the delegation-role constraint (DRC), and the delegation constraint (DC). For better flexibility, ATC is divided into three types: strict ATC, weak ATC and user-defined ATC, so that the delegator can temporarily delegate high-level permissions to a low-level delegatee. In addition, it maintains the advantages of the traditional TRBAC model.