Title :
Abductive Authorization Credential Gathering
Author :
Becker, Moritz Y. ; Mackay, Jason F. ; Dillaway, Blair
Author_Institution :
Microsoft Res., Cambridge, UK
Abstract :
A central task in the context of logic-based decentralized authorization languages is that of gathering credentials from credential providers, required by the resource guardpsilas policy to grant a userpsilas access request. This paper presents an abduction-based algorithm that computes a specification of missing credentials without communicating with remote credential providers. The specification is used to gather credentials from credential providers in a single pass, without involving any communication with the resource guard. The credentials gathered thus are pushed to the resource guard at authorization time. This approach decouples authorization from credential gathering, and, in comparison to server-side pull methods, reduces the number of messages sent between participants, and allows for environments in which some credential providers are unknown or unavailable to the resource guard at authorization time.
Keywords :
authoring languages; authorisation; protocols; abductive authorization credential gathering; credential gathering protocol; logic-based decentralized authorization languages; remote credential provider; resource guard policy; server-side pull method; user access request; Access control; Access protocols; Authorization; Availability; Centralized control; Context; Costs; Humans; Large-scale systems;
Conference_Titel :
Policies for Distributed Systems and Networks, 2009. POLICY 2009. IEEE International Symposium on
Conference_Location :
London
Print_ISBN :
978-0-7695-3742-9
Electronic_ISBN :
978-0-7695-3742-9
DOI :
10.1109/POLICY.2009.23
