• DocumentCode
    322328
  • Title

    Designing a distributed authorization service

  • Author

    Woo, Thomas Y C ; Lam, Simon S.

  • Author_Institution
    Networking Software Res. Dept., Bell Labs., USA
  • Volume
    2
  • fYear
    1998
  • fDate
    29 Mar-2 Apr 1998
  • Firstpage
    419
  • Abstract
    We present the design of a distributed authorization service which parallels existing authentication services for distributed systems. Such a service would operate on top of an authentication substrate. There are two distinct ideas underlying our design: (1) the use of a language, called generalized access control list (GACL), as a common representation of authorization requirements; and (2) the use of authenticated delegation to effect authorization offloading from an end server to an authorization server. We present the syntax and semantics of GACL, and illustrate how it can be used to specify authorization requirements that cannot be easily specified by ordinary ACL. We also describe the protocols in our design.
  • Keywords
    Internet; distributed processing; message authentication; network servers; protocols; public key cryptography; Internet; World Wide Web; authenticated delegation; authentication services; authorization requirements; authorization server; distributed authorization service design; distributed systems; end server; generalized access control list; language; protocols; public key based system; semantics; syntax; Access control; Authentication; Authorization; Computer networks; Concurrent computing; Distributed computing; Electronic mail; Internetworking; Protocols; Web server;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    INFOCOM '98. Seventeenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE
  • Conference_Location
    San Francisco, CA
  • ISSN
    0743-166X
  • Print_ISBN
    0-7803-4383-2
  • Type

    conf

  • DOI
    10.1109/INFCOM.1998.665058
  • Filename
    665058