Delegation through access control programs

Author

Theimer, Marvin M. ; Nichols, David A. ; Terry, Douglas B.

Author_Institution

Xerox Corp., Palo Alto, CA, USA

fYear

1992

fDate

9-12 Jun 1992

Firstpage

529

Lastpage

536

Abstract

Access control programs (ACPs), which permit controlled delegation of access rights to untrusted computer hosts, are discussed. Existing delegation protocols for distributed systems provide a way for a client to transfer its access rights to an intermediary, but provide only limited facilities for restricting the rights granted to the intermediary. ACPs are small programs that encode arbitrary specifications of delegated access rights. They are created and digitally signed by a client and passed to a server through an intermediary. When processing a request from the intermediary, the server executes the access control program to decide whether or not to grant the intermediary´s request. Examples of ACPs used in a variety of applications are presented. A sample implementation of ACPs in the Andrew File System is described

Keywords

authorisation; distributed processing; file organisation; protocols; Andrew File System; access control programs; access rights; arbitrary specifications; controlled delegation; delegation protocols; distributed systems; Access control; Access protocols; Concurrent computing; Control systems; Distributed computing; File servers; File systems; Permission;

fLanguage

English

Publisher

ieee

Conference_Titel

Distributed Computing Systems, 1992., Proceedings of the 12th International Conference on

Conference_Location

Yokohama

Print_ISBN

0-8186-2865-0

Type

conf

DOI

10.1109/ICDCS.1992.235000

Filename

235000