Title :
Constrained delegation
Author :
Bandmann, Olav ; Dam, Mads ; Firozabadi, Babak Sadighi
Author_Institution :
Swedish Inst. of Comput. Sci., Kista, Sweden
fDate :
6/24/1905 12:00:00 AM
Abstract :
Sometimes it is useful to be able to separate management of a set of resources, and access to the resources themselves. However, current accounts of delegation do not allow such distinctions to be easily made. We introduce a new model for delegation to address this issue. The approach is based on the idea of controlling the possible shapes of delegation chains. We use constraints to restrict the capabilities at each step of delegation. Constraints may reflect e.g. group memberships, timing constraints, or dependencies on external data. Regular expressions are used to describe chained constraints. We present a number of example delegation structures, based on a scenario of collaborating organisations.
Keywords :
authorisation; chained constraints; collaborating organisations; constrained delegation; constraints; delegation chain shape control; external data dependencies; group memberships; regular expressions; timing constraints; Authorization; Collaboration; Computer science; Councils; Permission; Resource management; Shape control; Silicon carbide; Technology management; Timing;
Conference_Titel :
Security and Privacy, 2002. Proceedings. 2002 IEEE Symposium on
Print_ISBN :
0-7695-1543-6
DOI :
10.1109/SECPRI.2002.1004367
