A Decentralized Authorization Architecture

Author

Dillema, Feike W. ; Lupetti, Simone ; Stabell-Kulø, Tage

Author_Institution

Dept. of Comput. Sci., Tromso Univ., Tromso

Volume

1

fYear

2007

fDate

21-23 May 2007

Firstpage

497

Lastpage

504

Abstract

We present a decentralized authorization architecture based on capabilities in which parties are able to exercise full control over their resources and delegate it in an ad-hoc manner. In our architecture data objects are encrypted and capabilities are used to gain access to them directly. Data storage can then be decoupled from access to the stored data. Capabilities are also protected by encryption, so that they can be distributed to principals not authorized to use them. Replication and distribution can therefore be used to increase the availability not only of the data objects but of the authorization architecture itself to cope with disconnections and, in general, to adapt to changes of network topology typical of loosely coupled systems such as peer-to-peer networks and collaborative systems.

Keywords

authorisation; cryptography; groupware; peer-to-peer computing; resource allocation; collaborative system; data object; data storage; decentralized authorization architecture; encryption; loosely coupled system; network topology; peer-to-peer network; resource management; Authorization; Collaboration; Computer architecture; Cryptography; Logic; Memory; Network topology; Permission; Pervasive computing; Protection;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Information Networking and Applications Workshops, 2007, AINAW '07. 21st International Conference on

Conference_Location

Niagara Falls, Ont.

Print_ISBN

978-0-7695-2847-2

Type

conf

DOI

10.1109/AINAW.2007.18

Filename

4221107