Delegation metamodel
The metamodel defines the conceptual elements and their relationships that can be used to specify access control and delegation policies.
Specurity Aspects
Name
Description
Delegate access-rights to other users without administrative privileges.
Specification Elements
Name
Description
An action that can be performed in the system system.
A user of the system.
Each user has one role.
Defines which roles can access which resources.
Each resource contains some actions which are only accessible to authorized users.
Protections are defined in rules.
Permission rules are used to specify which actions are accessible to users based on their roles.
Delegation rules are used to specify which actions are accessible to users by delegation.
Users in certain roles can access actions associated with both their roles and any roles they've been delegated.
Users may want to delegate only some actions.
The actions a user can delegate.
Represents the repetition of the delegation.
Represents the duration of the delegation.
Security Aspects
Delegation of rights
Delegate access-rights to other users without administrative privileges.- Specification Elements:
- Action
- ActionDelegation
- ActionDelegationRights
- Delegation
- Duration
- Permission
- Policy
- Recurrence
- Resource
- Role
- RoleDelegation
- Rule
- User
- Threats:
- Elevation of Privileges
Specification Elements
Action
An action that can be performed in the system system.- Applies to:
- Activity
User
A user of the system.- Applies to:
- Entity
Role
Each user has one role.- Applies to:
Policy
Defines which roles can access which resources.- Applies to:
Resource
Each resource contains some actions which are only accessible to authorized users.- Applies to:
- Activity
Rule
Protections are defined in rules.- Applies to:
Permission
Permission rules are used to specify which actions are accessible to users based on their roles.- Applies to:
Delegation
Delegation rules are used to specify which actions are accessible to users by delegation.- Applies to:
RoleDelegation
Users in certain roles can access actions associated with both their roles and any roles they've been delegated.- Applies to:
ActionDelegation
Users may want to delegate only some actions.- Applies to:
ActionDelegationRights
The actions a user can delegate.- Applies to:
Recurrence
Represents the repetition of the delegation.- Applies to:
Duration
Represents the duration of the delegation.- Applies to: