Title :
Distributed authorization using delegation with acyclic paths
Author :
Lain, Antonio ; Mowbray, Miranda
Author_Institution :
HP Labs. Bristol
Abstract :
We present a new trust management scheme for distributed authorization which can be easily implemented using X.509-based certificate chains, but does not require globally unique role names. A principal proves that he has authorization for a particular action by demonstrating the existence of an acyclic chain of bindings from a specified principal to himself where the sequence of labels in the chain matches a template. This template is in an easily-computed subset of regular path expressions. Our restrictions to acyclic paths and to a subset of path expressions enable us to permit controlled delegation, relax the requirement of global agreement on role names, and provide an intuitive abstraction. We show that some useful security properties can be determined in polynomial time. Our scheme has been used in practice to secure a management framework for distributed components: we give an overview of the implementation
Keywords :
authorisation; X.509-based certificate chains; acyclic chain; acyclic paths; distributed authorization; distributed components; global agreement; intuitive abstraction; management framework security; polynomial time; regular path expressions; security properties; trust management; Access control; Authentication; Authorization; Joining processes; Polynomials; Scalability; Security;
Conference_Titel :
Computer Security Foundations Workshop, 2006. 19th IEEE
Conference_Location :
Venice
Print_ISBN :
0-7695-2615-2
DOI :
10.1109/CSFW.2006.12
