Authorization with security attributes and privilege delegation: Access control beyond the ACL

This paper focuses on authorization in distributed environments; the typical authorization scheme employs access control lists, however, the scheme has problems when it is applied to a large-scale network. We introduce a new authorization scheme, compare it with the old scheme, and present an implem...

Full description

Saved in:
Bibliographic Details
Published in:Computer communications 1997-07, Vol.20 (5), p.376-384
Main Authors: Sameshima, Yoshiki, Kirstein, Peter
Format: Article
Language:English
Subjects:
Access control decision function
Access methods and protocols, osi model
Applied sciences
Authorization
Delegation
Exact sciences and technology
Networks
Privilege
Privilege attribute certificate
Telecommunications
Telecommunications and information theory
Teleprocessing networks. Isdn
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:This paper focuses on authorization in distributed environments; the typical authorization scheme employs access control lists, however, the scheme has problems when it is applied to a large-scale network. We introduce a new authorization scheme, compare it with the old scheme, and present an implementation of an information server which adopts the new scheme. As a part of authorization, delegation of privileges is important, however, current delegation mechanisms have problems when the delegation crosses a boundary of security domains. We propose a solution which refers to security information of other security domains through a directory service.
ISSN:0140-3664
1873-703X
DOI:10.1016/S0140-3664(97)00027-3