Delegation of authority is an important process that needs to be captured by any access control model. In role-based access control models, delegation of authority involves delegating roles that a user can assume or the set of permissions that he can acquire, to other users. Several role-based delegation models have been proposed in the literature. However, these models consider delegation in presence of the general hierarchy type. Multiple hierarchy types have been proposed in the context of Generalized Temporal Role-based Access Control (GTRBAC) model, where it has been shown that multiple hierarchy semantics is desirable to express fine-grained access control policies. In this paper, we address role-based delegation schemes in the of hybrid hierarchies and elaborate on fine-grained delegation schemes. In particular, we show that upward delegation, which has been considered as having no practical use, is a desirable feature. Furthermore, we show that accountability must be considered as an important factor during the delegation process. The delegation framework proposed subsumes delegations schemes proposed in earlier role-based delegation models and provide much more fine-grained control of delegation semantics.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Vijayalakshmi Atluri , Janice Warner, Supporting conditional delegation in secure workflow management systems, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden  [doi>10.1145/1063979.1063990]
	2	E. Barka and R. Sandhu, A Role-Based Delegation Model and Some Extensions, Proc. of 23rd National Information Systems Security Conference, Dec, 2000.
	3	Ezedin Barka , Ravi Sandhu, Role-Based Delegation Model/ Hierarchical Roles (RBDM1), Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC'04), p.396-404, December 06-10, 2004  [doi>10.1109/CSAC.2004.31]
	4	D. F. Ferraiolo, D. M. Gilbert, and N Lynch. An Examination of Federal and Commercial Access Control Policy Needs. In Proceedings of NISTNCSC National Computer Security Conference, pages 107--116, Baltimore, MD, September 20-23 1993.
	5	David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001  [doi>10.1145/501978.501980]
	6	M. Gasser, E. McDermott, An Architecture for practical Delegation in a Distributed System, 1990 IEEE Computer Society Symposium on Research in Security and Privacy. May, 1990.
	7	L. Giuri. Role-based access control: A natural approach. In Proceedings of the 1st ACM Workshop on Role-Based Access Control. ACM, 1997.
	8	Cheh Goh , Adrian Baldwin, Towards a more complete model of role, Proceedings of the third ACM workshop on Role-based access control, p.55-62, October 22-23, 1998, Fairfax, Virginia, United States  [doi>10.1145/286884.286898]
	9	James Joshi , Arif Ghafoor , Walid G. Aref , Eugene H. Spafford, Digital Government Security Infrastructure Design Challenges, Computer, v.34 n.2, p.66-72, February 2001  [doi>10.1109/2.970579]
	10	James B. D. Joshi , Walid G. Aref , Arif Ghafoor , Eugene H. Spafford, Security models for web-based applications, Communications of the ACM, v.44 n.2, p.38-44, Feb. 2001  [doi>10.1145/359205.359224]
	11	James B D Joshi , Elisa Bertino , Arif Ghafoor, Temporal hierarchies and inheritance semantics for GTRBAC, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507724]
	12	J. B. D. Joshi, E. Bertino, A. Ghafoor. Hybrid Temporal Role Hierarchies in GTRBAC. Submitted to ACM Transactions on Information and System Security.
	13	James B. D. Joshi , Elisa Bertino , Usman Latif , Arif Ghafoor, A Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Knowledge and Data Engineering, v.17 n.1, p.4-23, January 2005  [doi>10.1109/TKDE.2005.1]
	14	R.W.C. Lui and L.C.K. Hui, A Model for Delegation of Accountability, IASTED International Conference on Software Engineering, SE 2004.
	15	J. D. Moffett, Delegation of Authority Using Domain Based Access Rules, PhD Thesis. Dept of Computing, Imperial College, University of London. 1990.
	16	N. Nagaratnam, D. Lea, Secure Delegation for Distributed Object Environments, USENIX Conference on Object Oriented Technologies and Systems. April, 1998.
	17	Sylvia Osborn , Ravi Sandhu , Qamar Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.2, p.85-106, May 2000  [doi>10.1145/354876.354878]
	18	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
	19	Ravi S. Sandhu, Role Hierarchies and Constraints for Lattice-Based Access Controls, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.65-79, September 25-27, 1996
	20	Ravi Sandhu, Role activation hierarchies, Proceedings of the third ACM workshop on Role-based access control, p.33-40, October 22-23, 1998, Fairfax, Virginia, United States  [doi>10.1145/286884.286891]
	21	Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
	22	Basit Shafiq , James B. D. Joshi , Elisa Bertino , Arif Ghafoor, Secure Interoperation in a Multidomain Environment Employing RBAC Policies, IEEE Transactions on Knowledge and Data Engineering, v.17 n.11, p.1557-1577, November 2005  [doi>10.1109/TKDE.2005.185]
	23	Lynn Andrea Stein, Delegation is inheritance, Conference proceedings on Object-oriented programming systems, languages and applications, p.138-146, October 04-08, 1987, Orlando, Florida, United States
	24	Roshan K. Thomas, Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments, Proceedings of the second ACM workshop on Role-based access control, p.13-19, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266748]
	25	Jacques Wainer , Akhil Kumar, A fine-grained, controllable, user-to-user delegation method in RBAC, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden  [doi>10.1145/1063979.1063991]
	26	X. Zhang, S. Oh and R. Sandhu, PBDM: A Flexible Delegation Model in RBAC http://www.list.gmu.edu/confrnc/sacmat/2003_pbdm.pdf, SACMAT 2003.
	27	Longhua Zhang , Gail-Joon Ahn , Bei-Tseng Chu, A rule-based framework for role-based delegation and revocation, ACM Transactions on Information and System Security (TISSEC), v.6 n.3, p.404-441, August 2003  [doi>10.1145/937527.937530]