Title :
On the structure of delegation networks
Author_Institution :
Digital Syst. Lab., Helsinki Univ. of Technol., Espoo, Finland
Abstract :
In new distributed key-oriented access control systems such as SPKI, access rights are delegated by a freely formed network of certificates. The author formalizes the concept of a delegation network and presents a formal semantics for the delegation of access rights with certificates. The certificates can have multiple subjects who must co-operate to use the authority. Some fundamental properties of the system are proven; alternative techniques for authorization decisions are compared, and their equivalence is shown rigorously. In particular, he proves that certificate reduction is a sound and complete decision technique. He also suggests a new type of threshold certificate and proves its properties.
Keywords :
authorisation; certification; public key cryptography; SPKI; access rights delegation; authorization decisions; certificate reduction; decision technique; delegation network structure; distributed key-oriented access control systems; formal semantics; freely formed certificate network; multiple subjects; threshold certificate; Access control; Authorization; Calculus; Data security; Digital systems; Electrical capacitance tomography; Laboratories; Local government; Permission; Public key
Conference_Title :
Computer Security Foundations Workshop, 1998. Proceedings. 11th IEEE
Conference_Location :
Rockport, MA
Print_ISBN :
0-8186-8488-7
DOI :
10.1109/CSFW.1998.683151