Constructing role-based access control and delegation based on hierarchical IBS

Authentication and authorization are crucial for information and system security. Role-based delegation based on role-based access control (RBAC) can act as an efficient means of authorization management in distributed collaborative environment. In this paper, we present a scheme that integrates hierarchical identity-based signature (Hierarchical IBS) technique to perform role-based access control and role-based delegation. In our suggestion, original user-role assignment relation can be regarded as a particular form of one-depth delegation. We eliminate the use of digital certificates, and handle the multi-depth role-based delegation based on hierarchical identity-based signature scheme [8]. Our access control process can provide both aspects of user authentication and role-based authorization simultaneously, so the independent authentication procedure is eliminated We also prove the security of our scheme in the random oracle model.