Title :
Delegation through access control programs
Author :
Theimer, Marvin M. ; Nichols, David A. ; Terry, Douglas B.
Author_Institution :
Xerox Corp., Palo Alto, CA, USA
Abstract :
Access control programs (ACPs), which permit controlled delegation of access rights to untrusted computer hosts, are discussed. Existing delegation protocols for distributed systems provide a way for a client to transfer its access rights to an intermediary, but provide only limited facilities for restricting the rights granted to the intermediary. ACPs are small programs that encode arbitrary specifications of delegated access rights. They are created and digitally signed by a client and passed to a server through an intermediary. When processing a request from the intermediary, the server executes the access control program to decide whether or not to grant the intermediary's request. Examples of ACPs used in a variety of applications are presented. A sample implementation of ACPs in the Andrew File System is described.
Keywords :
authorisation; distributed processing; file organisation; protocols; Andrew File System; access control programs; access rights; arbitrary specifications; controlled delegation; delegation protocols; distributed systems; Access control; Access protocols; Concurrent computing; Control systems; Distributed computing; File servers; File systems; Permission
Conference_Title :
Distributed Computing Systems, 1992., Proceedings of the 12th International Conference on
Conference_Location :
Yokohama
Print_ISBN :
0-8186-2865-0
DOI :
10.1109/ICDCS.1992.235000