Title :
Regulated delegation in distributed systems
Author :
Ao, Xuhui ; Minsky, Naftaly H.
Author_Institution :
Ask Jeeves, Piscataway, NJ
Abstract :
Certificate-based delegation (CBD) is a prominent element of distributed access control, providing it with flexibility and scalability. But despite its elegance and effectiveness, CBD has inherent limitations that restrict its applicability. These limitations include, among others: lack of support for non-monotonic policies, such as separation of duties; the inability to support the transfer of privileges, where the delegator loses the privilege it delegates; and the lack of support for quotas, i.e., restrictions on the number of time a given privilege can be exercised. This paper describes an approach to the distributed delegation, which shares much of the flexibility and scalability of CBD, but is not encumbered by its limitations. This approach is based on the decentralized control mechanism called law-governed interaction (LGI), which is used to regulate the process of delegation itself
Keywords :
authorisation; distributed processing; certificate-based delegation; decentralized control; distributed access control; distributed delegation; distributed systems; law-governed interaction; nonmonotonic policies; regulated delegation; Access control; Authorization; Computer science; Conferences; Distributed control; Logic; Process control; Project management; Public key; Scalability;
Conference_Titel :
Policies for Distributed Systems and Networks, 2006. Policy 2006. Seventh IEEE International Workshop on
Conference_Location :
London, Ont.
Print_ISBN :
0-7695-2598-9
DOI :
10.1109/POLICY.2006.27
