dRBAC: distributed role-based access control for dynamic coalition environments
Abstract
Distributed role-based access control (dRBAC) is a scalable, decentralized trust-management and access-control mechanism for systems that span multiple administrative domains. dRBAC uses PKI identities to define trust domains, roles to define controlled activities, and role delegation across domains to represent permissions to these activities. The mapping of controlled actions to roles enables their namespaces to serve as policy roots. dRBAC distinguishes itself from previous approaches by providing three features: (1) third-party delegation of roles from outside a domain's namespace, relying upon an explicit delegation of assignment; (2) modulation of transferred permissions using scalar-valued attributes associated with roles; and (3) continuous monitoring of trust relationships over long-lived interactions. The paper describes the dRBAC model and its scalable implementation using a graph approach to credential discovery and validation.
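The delegation graph the abstract describes, as an added Python example that is not the paper's code: the `Domain.Role` naming, the `Delegation` fields, the `assign` flag standing in for explicit delegation of assignment, and the rule that a chain's scalar attribute is the minimum of its edges are all assumptions made here to illustrate third-party delegation, attribute modulation and revocation-driven re-validation.

```python
# Added example, not the paper's code; field names and chaining rules are assumptions.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Delegation:
    issuer: str     # PKI identity that signed the credential (signature check omitted)
    subject: str    # principal, or role, receiving the role
    role: str       # "Domain.Role": the domain before the dot owns the namespace
    attr: float     # scalar attribute modulating the transferred permission
    assign: bool    # explicit delegation of assignment: subject may delegate onward
    valid: bool = True  # cleared when monitoring sees revocation or expiry

def may_assign(creds, issuer, role, seen=()):
    """Namespace owner, or holder of a valid assign-capable delegation chain back to it."""
    if issuer == role.split(".")[0]:
        return True
    return any(c.valid and c.subject == issuer and c.role == role and c.assign
               and c.issuer not in seen and may_assign(creds, c.issuer, role, seen + (issuer,))
               for c in creds)

def discover(creds, principal, role):
    """DFS from principal to role over valid, properly authorised delegations.
    A chain's attribute is the minimum of its edges; returns the best chain's value or None."""
    best, stack = None, [(principal, float("inf"), frozenset())]
    while stack:
        node, attr, seen = stack.pop()
        if node in seen:
            continue
        for c in creds:
            if not (c.valid and c.subject == node and may_assign(creds, c.issuer, c.role)):
                continue
            a = min(attr, c.attr)
            if c.role == role:
                best = a if best is None else max(best, a)
            else:
                stack.append((c.role, a, seen | {node}))
    return best

def revoke(creds, issuer, subject, role):
    """Continuous-monitoring hook: invalidate one credential without rebuilding the graph."""
    return [replace(c, valid=False) if (c.issuer, c.subject, c.role) == (issuer, subject, role)
            else c for c in creds]
# Constructed sample: Host lets third party Broker assign Host.Access; Broker grants it at
# half strength to Partner's engineers; Mallory holds no assignment right at all.
CREDS = [
    Delegation("Host", "Broker", "Host.Access", 1.0, assign=True),
    Delegation("Broker", "Partner.Engineer", "Host.Access", 0.5, assign=False),
    Delegation("Partner", "alice", "Partner.Engineer", 1.0, assign=False),
    Delegation("Mallory", "bob", "Host.Access", 1.0, assign=True),
]
```

Revoking the Host-to-Broker credential invalidates every chain that passed through it, which is the effect continuous monitoring of a long-lived interaction must produce.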
Keywords
Access control, Permission, Authorization, Control systems, Protection, Computer science, IP networks, Web and internet services, Computerized monitoring