Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access Control

Efforts towards incorporating user-to-user delegation into Attribute-Based Access Control (ABAC) is an emerging new direction in ABAC research. A number of potential strategies for integrating delegation have been proposed in recent literature but few have been realized as full ABAC delegation models. This work formalizes one such strategy, entitled User-To-User Attribute Delegation, into a working delegation model by extending the Hierarchical Group and Attribute-Based Access Control (HGABAC) model to support dynamic and "off-line" attribute delegation. A framework to support the proposed delegation model is also presented and gives implementation details including an updated Attribute Certificate format and service protocol based on the Hierarchical Group Attribute Architecture (HGAA).