Delegatable Authorization Program and Its Application

Data protection is a significant issue in any secure information systems. In this paper, we present a decentrailzed authorization delegation model in which users can be delegated, granted or forbidden some access rights. This security model is formulated as an extended logic program, and the detailed considerations of how to evaluate the semantics of the program is given. In particular, the conflicting problem is addressed and a resolution method based on the underlying delegation relations and hierachical structures of subjects, objects and access rights is presented. Finally, as an application, we show how this framework can support different electronic consent models within the context of health care. Key words: information security, authorization, access control, logic programming