Title :
Designing a distributed authorization service
Author :
Woo, Thomas Y C ; Lam, Simon S.
Author_Institution :
Networking Software Res. Dept., Bell Labs., USA
fDate :
29 Mar-2 Apr 1998
Abstract :
We present the design of a distributed authorization service which parallels existing authentication services for distributed systems. Such a service would operate on top of an authentication substrate. There are two distinct ideas underlying our design: (1) the use of a language, called generalized access control list (GACL), as a common representation of authorization requirements; and (2) the use of authenticated delegation to effect authorization offloading from an end server to an authorization server. We present the syntax and semantics of GACL, and illustrate how it can be used to specify authorization requirements that cannot be easily specified by ordinary ACL. We also describe the protocols in our design
Keywords :
Internet; distributed processing; message authentication; network servers; protocols; public key cryptography; Internet; World Wide Web; authenticated delegation; authentication services; authorization requirements; authorization server; distributed authorization service design; distributed systems; end server; generalized access control list; language; protocols; public key based system; semantics; syntax; Access control; Authentication; Authorization; Computer networks; Concurrent computing; Distributed computing; Electronic mail; Internetworking; Protocols; Web server;
Conference_Titel :
INFOCOM '98. Seventeenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE
Conference_Location :
San Francisco, CA
Print_ISBN :
0-7803-4383-2
DOI :
10.1109/INFCOM.1998.665058
