A flexible delegation processor for web-based information systems

Web-based information systems (WISs) have been widely used by enterprises to accomplish business tasks through the Internet. For contemporary WISs, it is important that when a user logs into a WIS, the user should be able to see his or her own view of the system. To do so, it is imperative that a flexible authorization and delegation model should be developed for WISs. In particular, the delegation model should support fine-grained delegation and controlled propagation on targets. In this paper, we attempt to develop a flexible delegation model for WISs. The model is called Extensible Markup Language (XML)-based delegation and revocation (XDR) model which supports fine-grained delegation and controlled propagation on resources. Furthermore, the proposed model supports various types of delegation and revocation, such as single-step delegation, multistep delegation, multiple delegation, partial delegation, separation of duties (SOD), and cascading revocation. Finally, a prototype was designed and implemented to demonstrate the feasibility of the proposed model.