Title :
A framework for supporting distributed access control policies
Author :
Zhou, Wei ; Meinel, Christoph ; Raja, Vinesh H.
Author_Institution :
Dept. of Comput. Sci., Trier Univ., Germany
Abstract :
In this paper we describe a mechanism for managing authorisation policies in distributed environments. This mechanism is based on public key infrastructure (PKI) and privilege management infrastructure (PMI). In our approach each domain comprises a root policy and some subordinate authorisation policies. The root policy specifies how to use the subordinate policies. The subordinate policies describe the access control rules that are used for making access control decisions. The subordinate policies can be defined and managed independently and dynamically loaded into the access control system at runtime. All these policies are stored in X.509 attribute certificates (ACs), thus guaranteeing their integrity. The AC that holds root policy is co-located with access control system; the ACs that holds subordinate policies can be distributed. In the root policy we use policy schemes, policy sub-schemes and policy hierarchies to manage the subordinate policies; because they make the policy management flexible and easy.
Keywords :
access control; authorisation; public key cryptography; attribute certificates; authorisation policies; distributed access control policies; policy hierarchies; privilege management infrastructure; public key infrastructure; Access control; Authorization; Computer aided manufacturing; Computer science; Environmental management; Protection; Public key; Pulp manufacturing; Security; Web services;
Conference_Titel :
Computers and Communications, 2005. ISCC 2005. Proceedings. 10th IEEE Symposium on
Print_ISBN :
0-7695-2373-0
DOI :
10.1109/ISCC.2005.10
