  • DocumentCode
    1633353
  • Title
    Design of a role-based trust-management framework
  • Author
    Li, Ninghui ; Mitchell, John C. ; Winsborough, William H.
  • Author_Institution
    Dept. of Comput. Sci., Stanford Univ., CA, USA
  • fYear
    2002
  • fDate
    6/24/1905 12:00:00 AM
  • Firstpage
    114
  • Lastpage
    130
  • Abstract
    We introduce the RT framework, a family of role-based trust management languages for representing policies and credentials in distributed authorization. RT combines the strengths of role-based access control and trust-management systems and is especially suitable for attribute-based access control. Using a few simple credential forms, RT provides localized authority over roles, delegation in role definition, linked roles, and parameterized roles. RT also introduces manifold roles, which can be used to express threshold and separation-of-duty policies, and delegation of role activations. We formally define the semantics of credentials in the RT framework by presenting a translation from credentials to Datalog rules. This translation also shows that this semantics is algorithmically tractable.
  • Keywords
    DATALOG; authorisation; programming language semantics; Datalog rules; RT framework; attribute-based access control; credentials; distributed authorization; linked roles; localized authority; parameterized roles; policies; role activations; role based trust management languages; role-based access control; semantics; separation-of-duty policies; threshold policies; Access control; Authorization; Books; Collaboration; Computer science; Control systems; Data security; Permission; Privacy; Public key
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Security and Privacy, 2002. Proceedings. 2002 IEEE Symposium on
  • ISSN
    1081-6011
  • Print_ISBN
    0-7695-1543-6
  • Type
    conf
  • DOI
    10.1109/SECPRI.2002.1004366
  • Filename
    1004366