Title :
Access control on the Web using proof-carrying authorization
Author :
Bauer, Lujo ; Schneider, Michael A. ; Felten, Edward W. ; Appel, Andrew W.
Author_Institution :
Dept. of Comput. Sci., Princeton Univ., NJ, USA
Abstract :
We describe a system for access control on the Web that is based on the ideas of proof-carrying authorization (PCA). Our system is implemented as modules that extend a standard Web server and Web browser to use PCA to control access to Web pages. The Web browser generates proofs mechanically by iteratively fetching proof components until a proof can be constructed. We provide for iterative authorization, by which a server can require a browser to prove a series of challenges. Our implementation includes a series of optimizations, such as speculative proving, and modularizing and caching proofs, and demonstrates that the goals of generality, flexibility, and interoperability are compatible with reasonable performance.
Keywords :
Internet; authorisation; client-server systems; online front-ends; Web browser; Web server; World Wide Web; access control; interoperability; iterative authorization; iterative proof component fetching; mechanical proof generation; optimizations; proof-carrying authorization; speculative proving; Access control; Authorization;
Conference_Titel :
DARPA Information Survivability Conference and Exposition, 2003. Proceedings
Print_ISBN :
0-7695-1897-4
DOI :
10.1109/DISCEX.2003.1194942
