Excerpt from the paper
Role-based delegation is widely used in most existing EIM (Enterprise Information Management) systems. Because the only delegation constraint in these systems is a prerequisite role, delegation security depends entirely on delegators or system administrators, which creates a potential security risk. This paper proposes a new delegation model named the attribute based delegation model (ABDM), in which the delegation condition consists of both a delegation prerequisite condition (CR) and a delegation attribute expression (DAE). In the ABDM, delegators and system administrators can restrain delegatee candidates more strictly; this not only goes a long way toward guaranteeing delegation security but also relieves delegators and administrators of security management workload. Additionally, the architecture of ABDM is presented, and several important components, including the access control service, delegation service and revocation service, are described in detail. Finally, the implementation of ABDM in a web-based environment is illustrated, in which XML is employed to represent all kinds of data used in delegation, such as users, permissions, roles, delegation attribute expressions, prerequisite roles and other delegation constraints.
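
The difference between a role-only constraint and the combined condition described above can be seen in a small sketch. This is an added example, not code or a schema from the paper: the XML element names, the operators `eq`/`ge`, and the sample rule and candidates are all assumptions constructed for illustration.

```python
import operator
import xml.etree.ElementTree as ET
# Constructed rule; element and attribute names are assumptions, not the paper's schema.
RULE_XML = """
<delegation role="ProjectApprover">
  <prerequisiteRole>Engineer</prerequisiteRole>
  <attributeExpression>
    <all>
      <cond attr="department" op="eq" value="R&amp;D"/>
      <any>
        <cond attr="yearsOfService" op="ge" value="3"/>
        <cond attr="clearance" op="ge" value="2"/>
      </any>
    </all>
  </attributeExpression>
</delegation>
"""
OPS = {"eq": operator.eq, "ge": operator.ge}

def eval_expr(node, attrs):
    """Evaluate an expression node against a candidate's attributes, failing closed."""
    if node.tag in ("all", "any"):
        children = list(node)
        if not children:
            return False  # an empty group must not grant by vacuous truth
        return (all if node.tag == "all" else any)(eval_expr(c, attrs) for c in children)
    if node.tag != "cond" or node.get("op") not in OPS:
        raise ValueError(f"unsupported expression node: {node.tag}")
    actual, expected = attrs.get(node.get("attr")), node.get("value")
    if actual is None:
        return False  # missing attribute: deny
    if isinstance(actual, int):
        expected = int(expected)  # a non-numeric rule value raises instead of granting
    return OPS[node.get("op")](actual, expected)

def role_only_check(rule_xml, candidate):
    """Delegation constrained by the prerequisite role alone."""
    rule = ET.fromstring(rule_xml)
    return rule.findtext("prerequisiteRole") in candidate["roles"]

def abdm_check(rule_xml, candidate):
    """Prerequisite role AND attribute expression must both hold."""
    expr = ET.fromstring(rule_xml).find("attributeExpression/*")
    return (expr is not None and role_only_check(rule_xml, candidate)
            and eval_expr(expr, candidate["attrs"]))

# Constructed candidates: both hold the prerequisite role.
ALICE = {"roles": {"Engineer"}, "attrs": {"department": "R&D", "yearsOfService": 5}}
BOB = {"roles": {"Engineer"}, "attrs": {"department": "Sales", "yearsOfService": 7}}
```

Both candidates pass `role_only_check`, but only `ALICE` passes `abdm_check`, so the decision no longer rests on the delegator noticing that `BOB` is in the wrong department.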