The DRBAC model creates atom roles by dividing traditional RBAC roles, which makes role assignment granularity smaller to reach a state of undividable permission, and then becomes more beneficial for the implementation of "the principle of least privilege".
In DRBAC, time complexity of role searching and dynamic creation is a key problem for resource providers.
While in DRBAC, the network latency is greatly reduced due to the reduction of the direct requests from the source providers.
The above example well illustrates the process of role combination, and further analysis explains that DRBAC is able to avoid producing CAS proxy certificates and the management of time threshold can well control the use for roles and the maintenance of role space.
This paper puts forward a dynamic role-based authorization model, which combines DRBAC access control model and CAS model.
Figure 2 presents the framework of DRBAC model based on Multi-Agent Systems, PKI, and PMI.
Consequently, we verify that our proposed DRBAC scheme can handle and delegate the roles of the number of users in a robust, flexible, and efficient way.
Figure 8 presents the DRBAC and MAS configuration screen.
'DRBAC: Distributed Role-based Access Control for Dynamic Coalition Environments' Technical Report TR2001-819, Department of Computer Science, New York University.