To increase the security of delegation, an attribute-based delegation model called AEDMA is presented, which is an extension of current delegation models. Delegation constraint in ABDMA consists of both delegation attribute expression (DAE) and delegation prerequisite condition (CR). Delegatees must satisfy delegation constraint (especially DAE) when assigned to a delegation role. For a better flexibility, delegation attribute expression is divided into two types: permanent and temporary delegation attribute expressions. With temporary delegation attribute expression, the delegator can temporarily, not permanently, delegate high level permission to low level delegatees. ABDMA relieves the security management effort of the delegator and the system administrator in delegation and increases the security of delegation.

• 出版日期2006