Role-based Delegation and Revocation in xoRBAC - Implementation Experiences

Sigrid Schefer-Wenzl


Access control, Delegation, RBAC, Revocation


Delegation has been repeatedly identified as an important concept for increasing flexibility in access control management. In the case of an employee's temporary absence, it may be useful for a user to delegate some or all of his/her permissions to another user, who subsequently acts on behalf of the delegator. Several delegation models exist to ensure systemic delegation and revocation of access rights in secure software-based systems. In this paper, we present our experiences implementing two delegation and revocation models in the access control management system xoRBAC.

