A function-based user authority delegation model

User authority delegation is granting or withdrawing access to computer-based information by entities that own and/or control that information. These entities must consider who should be granted access to specific information in the organization and determine reasonable authority delegation. Role Based Access Control (RBAC) delegation management, where user access authority is granted for the minimum resources necessary for users to perform their tasks, is not suitable for the actual working environment of an organization. Currently, RBAC implementations cannot correctly model inheritance and rules for different delegations are in conflict. Further, these systems require that user roles, positions, and information access be continuously and accurately updated, resulting in a manual, error-prone access delegation system. This paper presents a proposal for a new authority delegation model, which allows users to identify their own function-based delegation requirements as the initial input to the RBAC process. The conditions for delegations are identified and functions to implement these delegations are defined. The criteria for basic authority delegation, authentication and constraints are quantified and formulated for evaluation. An analysis of the proposed model is presented showing that this approach both minimizes errors in delegating authority and is more suitable for authority delegation administration in real organizational applications.