Title :
Federation Web: a scheme to compound authorization chains on large-scale distributed systems
Author :
Santin, Altair Olivo ; Da Silva Fraga, Joni ; Siqueira, Frank ; De Mello, Emerson R.
Author_Institution :
Dept. of Autom. & Syst., Fed. Univ. of Santa Catarina, Brazil
Abstract :
Traditional security systems are not easily scalable and can become single points of failure or performance bottlenecks when used on a large-scale distributed system such as the Internet. This problem occurs also when using a public key infrastructure (PKI) with a hierarchical thrust model. SDSI/SPKI is a PKI that adopts a more scalable trust paradigm, which is focused on the client and based on authorization chains. However, the task of locating the chain that links a client to a server is not completely addressed by SDSI/SPKI. Aiming to overcome this limitation, the paper proposes extensions to the SDSI/SPKI authorization and authentication model. The proposed approach introduces the concept of Federation Webs, which allows the client to build new authorization chains linking it to a server when a direct path does not exist. A prototype implementation of this proposal has shown promising results.
Keywords :
Internet; authorisation; message authentication; public key cryptography; telecommunication security; Federation Web; Internet; PKI; SDSI; SPKI; authentication model; authorization model; compound authorization chains; large-scale distributed systems; public key infrastructure; scalable trust paradigm; security systems; Authentication; Authorization; Automation; Computer science; Computer security; Internet; Joining processes; Large-scale systems; Public key; Scalability;
Conference_Titel :
Reliable Distributed Systems, 2003. Proceedings. 22nd International Symposium on
Print_ISBN :
0-7695-1955-5
DOI :
10.1109/RELDIS.2003.1238056
