Abstract: Aiming at the delegation problem in information system,by starting with the existing problems of Role-based Network Model(RNM)in delegation process, the role-based network was improved from three aspects：the inheritance relationship between roles; the agreement between two sides in delegation process; the fine-grained dynamic control in delegation process; and Role-based Network Dynamic Delegation Model(RNDDM)was proposed further. This model not only inherited all the advantages of RNM, but also provided fine-grained dynamic control and the approach for two sides to reach agreement in delegation process. The good physical and space-time properties of RNDDM made delegation process simple and controllable. Based on elaborating the basic idea, the component and the formal model of RNM, the specific realization process of delegation's setting and revocation in different circumstance was given by examples.

Key words: role-based network, delegation technology, dynamic delegation model, access control, authorization

摘要： 针对信息系统中的转授权处理问题，从转授权业务处理过程中角色网络模型存在的问题入手，通过角色继承关系、转授权发起时双方协议的达成和授权粒度的动态控制三个方面，改进角色网络，并进一步提出角色网络动态转授权模型。该模型在继承角色网络全部优势的同时，对转授权发起时授权双方协议的达成和转授权过程中授权粒度的动态控制提供了支持，而角色网络动态转授权模型良好的物理和时空特性也使转授权处理流程变得更加简单和可控。在对角色网络动态转授权模型的基本思想、组成成员和形式化模型进行阐述的基础上，通过示例给出了角色网络动态转授权模型在不同业务情况下转授权发起和撤销的具体实现过程。

关键词: 角色网络, 转授权技术, 动态转授权模型, 访问控制, 权限