DocumentCode
2876492
Title
Abductive Authorization Credential Gathering
Author
Becker, Moritz Y. ; Mackay, Jason F. ; Dillaway, Blair
Author_Institution
Microsoft Res., Cambridge, UK
fYear
2009
fDate
20-22 July 2009
Firstpage
1
Lastpage
8
Abstract
A central task in the context of logic-based decentralized authorization languages is that of gathering credentials from credential providers, required by the resource guard's policy to grant a user's access request. This paper presents an abduction-based algorithm that computes a specification of missing credentials without communicating with remote credential providers. The specification is used to gather credentials from credential providers in a single pass, without involving any communication with the resource guard. The credentials gathered thus are pushed to the resource guard at authorization time. This approach decouples authorization from credential gathering, and, in comparison to server-side pull methods, reduces the number of messages sent between participants, and allows for environments in which some credential providers are unknown or unavailable to the resource guard at authorization time.
Keywords
authoring languages; authorisation; protocols; abductive authorization credential gathering; credential gathering protocol; logic-based decentralized authorization languages; remote credential provider; resource guard policy; server-side pull method; user access request; Access control; Access protocols; Authorization; Availability; Centralized control; Context; Costs; Humans; Large-scale systems;
fLanguage
English
Publisher
ieee
Conference_Titel
Policies for Distributed Systems and Networks, 2009. POLICY 2009. IEEE International Symposium on
Conference_Location
London
Print_ISBN
978-0-7695-3742-9
Electronic_ISBN
978-0-7695-3742-9
Type
conf
DOI
10.1109/POLICY.2009.23
Filename
5197375