Journal of Computer Applications (计算机应用) ›› 2010, Vol. 30 ›› Issue (07): 1797-1801.

• Information Security •

Flexible agent delegation model based on RBAC

孙伟1, 王淑礼2, 邬长安2

  1. Xinyang Normal University (信阳师范学院)
  2.
  • Received: 2010-01-06 Revised: 2010-02-17 Online: 2010-07-01 Published: 2010-07-01
  • Corresponding author: 孙伟
  • Supported by:
    National Natural Science Foundation of China; Xinyang Normal University Youth Research Fund

Abstract: In existing delegation models based on Role-Based Access Control (RBAC), a delegator who is away on business or on leave cannot carry out a delegation personally, while relying entirely on the administrator's centralized authorization management lacks flexibility and carries a risk of permission abuse. Building on the RBAC model, this paper proposes an agent-based flexible role delegation model. The agent delegation policy is given, and the soundness and completeness of the model are argued by the construction and reduction methods. Theoretical analysis and verification on examples show that, by introducing a third party (the agent) who performs the delegation on the delegator's behalf and supervises and manages the delegation process, the model effectively reflects flexibility in the delegation process and follows the two security principles of "least privilege" and "separation of duty".

Key words: Role-Based Access Control (RBAC), delegation, agent, constraints, security, flexibility