Definition 2 (Delegation Tree and Delegation Path). A delegation tree is a 5-tuple (p, dr, de, MD, DT), where p P, dr E, de E, MD E, DT E. p, dr, de, MD, DT are called delegated privilege, delegator, direct delegatee, set of mediate delegatees and set of delegation targets respectively. A delegation path in delegation tree (p, dr, de, MD, DT) is denoted as: [dr→de_[0..n]→dt] p, where n 0, de_0 = de, de_[0..n] = de_0→de_1→…→de_n, de_i MD (i=1...n), dt DT. Here n is called delegation depth (n plus 1 is equal to the value of delegation depth defined in some TM systems such as DL [11]).
Fig. 1 illustrates a sample delegation tree. When dr initiates a delegation by delegating p to de, de may re-delegate p to entities in MD, such as de_1, de_2, …, de_5. de and the entities in MD may perform the functions controlled by p on the target entity in DT, such as dt_1 and dt_2. “dr→de→de_1→de_3→dt” is a delegation path whose delegation depth is 2.
[Figure: delegation tree with nodes dr, de, de_1 to de_5, dt_1 and dt_2; edges labelled p and f; legend: initial delegation between dr and de, mediate delegatees, delegation targets]
Fig. 1. A Sample Delegation Tree
Definition 3 (Constraint Structure). A constraint structure is a 4-tuple (DP, DC, , ⇒), where DP and DC are sets of delegation paths and delegation constraints respectively, and ⇒ are relations where DC × DC, ⇒ DP × DC. Given c_1, c_2 DC, c_1 c_2 means c_1 dominates c_2. Given dp DP and c DC, dp⇒c means dp satisfies c.
⇒ is monotonic: Given c_1, c_2 DC and c_1 c_2, if dp⇒c_1 then dp⇒c_2.
Given dp=[dr→de_[0..n]→dt] p DP and c_i DC (i=0...n), we say dp is a valid delegation path iff dp_i⇒c_i (i=0...n), where dp_i = dr_i→de_[i..n]→dt (i=0...n), dr_0 = dr, dr_i = de_(i-1) (i=1...n), c_i is the delegation constraint specified by dr_i. If dp=[dr→de_[0..n]→dt] p is a valid delegation path and dr p, then de_n p and de_n can perform function f, where f F and p f.
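The validity condition above, as an added example that is not part of the source text: each delegator's constraint c_i is checked against the suffix path dp_i that starts at that delegator. The text leaves delegation constraints abstract, so the constraint shape used here (a depth bound plus an optional set of permitted targets) and all function and variable names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Sequence, Tuple

@dataclass(frozen=True)
class Constraint:
    """Assumed constraint shape: a re-delegation depth bound plus permitted targets."""
    max_depth: int
    targets: Optional[FrozenSet[str]] = None  # None means any target

    def dominates(self, other: "Constraint") -> bool:
        """True when self is at least as strict as other on both parts."""
        if self.max_depth > other.max_depth:
            return False
        if other.targets is None:
            return True
        return self.targets is not None and self.targets <= other.targets

def satisfies(delegatees: Sequence[str], dt: str, c: Constraint) -> bool:
    """dp => c for the path dr -> delegatees -> dt; its depth is len(delegatees) - 1."""
    depth = len(delegatees) - 1
    return depth <= c.max_depth and (c.targets is None or dt in c.targets)

def validate(dr: str, delegatees: Sequence[str], dt: str,
             constraints: Sequence[Constraint]) -> Tuple[bool, Optional[str]]:
    """Check dp_i => c_i for every i; return (valid, delegator whose constraint failed)."""
    if not delegatees or len(constraints) != len(delegatees):
        raise ValueError("need one constraint per delegation step")
    delegators = [dr, *delegatees[:-1]]          # dr_0 = dr, dr_i = de_(i-1)
    for i, c in enumerate(constraints):
        # dp_i = dr_i -> de_[i..n] -> dt: c_i judges only the suffix from de_i on
        if not satisfies(delegatees[i:], dt, c):
            return False, delegators[i]
    return True, None

# Constructed sample: the path dr -> de -> de1 -> de3 -> dt from the text (depth 2)
PATH = ("de", "de1", "de3")
OK = [Constraint(2, frozenset({"dt1", "dt2"})), Constraint(1), Constraint(0, frozenset({"dt1"}))]
TOO_DEEP = [Constraint(2), Constraint(0), Constraint(0)]  # de forbids re-delegation by de1

if __name__ == "__main__":
    print(validate("dr", PATH, "dt1", OK))        # (True, None)
    print(validate("dr", PATH, "dt1", TOO_DEEP))  # (False, 'de')
    print(validate("dr", PATH, "dt2", OK))        # (False, 'de1')
```

Under this constraint shape the monotonic property holds by construction: any path that satisfies a constraint also satisfies every constraint it dominates.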
2.2 Typed Privileges
The privilege of the authorization system defined in section 2.1 is abstract and has no
practical meaning. In this section, we reify it into two typical MTP and ATP, i.e.,
authority and capability, to express more specific authorization policies. The two
types of privileges are strongly connected with one basic type of privilege named
permission.
Definition 4 (Permission, Authority and Capability). PM is the set of all permis-
sions, which are the privileges of accessing resources, such as read/write a file, in-