Title :
Cross-domain access control via PKI
Author :
Denker, Grit ; Millen, Jon ; Miyake, Yutaka
Author_Institution :
Comput. Sci. Lab., SRI Int., Menlo Park, CA, USA
Abstract :
In this note we consider how role-based access control can be managed on a large scale over the Internet and across organizational boundaries. We take a PKI approach, in which users are identified using public key certificates, as are the servers. The main features of our approach are: access control by (client, role) pair; implied revocation based on the role hierarchy; automatic generation of certificate validity tickets; and certificate chains to prove a client role hierarchy to a server.
Keywords :
Internet; authorisation; client-server systems; public key cryptography; telecommunication security; PKI; certificate validity ticket generation; client role hierarchy; client server system; cross-domain access control; implied revocation; organizational boundaries; public key certificates; role hierarchy; role-based access control; Access control; Computer science; Laboratories; Large-scale systems; Network servers; Public key; Research and development; Research and development management; Web server
Conference_Title :
Policies for Distributed Systems and Networks, 2002. Proceedings. Third International Workshop on
Print_ISBN :
0-7695-1611-4
DOI :
10.1109/POLICY.2002.1011308