A resource access decision service for CORBA-based distributed systems

Author

Beznosov, Konstantin ; Deng, Yi ; Blakley, Bob ; Burt, Carol ; Barkley, John

Author_Institution

Baptist Health Syst. of South Florida, Miami, FL, USA

fYear

1999

fDate

1999

Firstpage

310

Lastpage

319

Abstract

Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent of a particular access control policy and from factors that are used in authorization decisions as well as access control models, no matter how dynamic those policies and factors are. It also enables elaborate and consistent access control policies across heterogeneous systems. We present the design of a service for resource access authorization in distributed systems. The service enables one to decouple authorization logic from application functionality. Although the described service is based on CORBA technology, the design approach can be successfully used in any distributed computing environment

Keywords

authorisation; distributed object management; logic; CORBA-based distributed systems; access control policy; application functionality; application logic; authorization logic; consistency; distributed computing environment; fine-grain access control requirements; heterogeneous systems; resource access decision service; Access control; Authorization; Context modeling; Electrical capacitance tomography; Logic design; Medical services; NIST; Read only memory; Road transportation; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications Conference, 1999. (ACSAC '99) Proceedings. 15th Annual

Conference_Location

Phoenix, AZ

ISSN

1063-9527

Print_ISBN

0-7695-0346-2

Type

conf

DOI

10.1109/CSAC.1999.816041

Filename

816041