• DocumentCode
    2173371
  • Title

    Distributed authorization using delegation with acyclic paths

  • Author

    Lain, Antonio ; Mowbray, Miranda

  • Author_Institution
    HP Labs. Bristol
  • Lastpage
    269
  • Abstract
    We present a new trust management scheme for distributed authorization which can be easily implemented using X.509-based certificate chains, but does not require globally unique role names. A principal proves that he has authorization for a particular action by demonstrating the existence of an acyclic chain of bindings from a specified principal to himself where the sequence of labels in the chain matches a template. This template is in an easily-computed subset of regular path expressions. Our restrictions to acyclic paths and to a subset of path expressions enable us to permit controlled delegation, relax the requirement of global agreement on role names, and provide an intuitive abstraction. We show that some useful security properties can be determined in polynomial time. Our scheme has been used in practice to secure a management framework for distributed components: we give an overview of the implementation.
  • Keywords
    authorisation; X.509-based certificate chains; acyclic chain; acyclic paths; distributed authorization; distributed components; global agreement; intuitive abstraction; management framework security; polynomial time; regular path expressions; security properties; trust management; Access control; Authentication; Authorization; Joining processes; Polynomials; Scalability; Security;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Security Foundations Workshop, 2006. 19th IEEE
  • Conference_Location
    Venice
  • ISSN
    1063-6900
  • Print_ISBN
    0-7695-2615-2
  • Type

    conf

  • DOI
    10.1109/CSFW.2006.12
  • Filename
    1648723