A Logic for Inclusion of Administrative Domains and Administrators in Multi-domain Authorization
نویسندگان
چکیده
Authorization policies for an administrative domain or a composition of multiple domains in multi-domain environments are determined by either one administrator or multiple administrators' cooperation. Several logic-based models for multi-domain environments' authorization have been proposed; however, they have not considered administrators and administrative domains in policies' representation. In this paper, we propose the syntax, proof theory, and semantics of a logic for multi-domain authorization policies including administrators and administrative domains. Considering administrators in policies provides the possibility of presenting composite administration having applicability in many collaborative applications. Indeed, administrators and administrative domains stated in policies can be used in authorization. The presented logic is based on modal logic and utilizes two calculi named the calculus of administrative domains and the calculus of administrators. It is also proved that the logic is sound. A case study is presented signifying the logic application in practical projects.
منابع مشابه
Naming and sharing resources across administrative boundaries
I tackle the problem of naming and sharing resources across administrative boundaries. Conventional systems manifest the hierarchy of typical administrative structure in the structure of their own mechanism. While natural for communication that follows hierarchical patterns, such systems interfere with naming and sharing that cross administrative boundaries, and therefore cause headaches for bo...
متن کاملA Mechanism for Privacy-preserving Concurrent Collaborations in Distributed Environment∗
Several challenges come to fore while realizing collaborations among independent administrative domains in a distributed setup. Interoperability of access control models, deployed in respective collaborating domains, is one such challenge. Collaborating domains may have heterogeneous types of access control models that need to be interoperable in order to accommodate each other’s collaborating ...
متن کاملMobile Ambients.fm
There are two distinct areas of work in mobility: mobile computing, concerning computation that is carried out in mobile devices (laptops, personal digital assistants, etc.), and mobile computation, concerning mobile code that moves between devices (applets, agents, etc.). We aim to describe all these aspects of mobility within a single framework that encompasses mobile agents, the ambients whe...
متن کاملMobile Ambients TCS Submission3.fm
There are two distinct areas of work in mobility: mobile computing, concerning computation that is carried out in mobile devices (laptops, personal digital assistants, etc.), and mobile computation, concerning mobile code that moves between devices (applets, agents, etc.). We aim to describe all these aspects of mobility within a single framework that encompasses mobile agents, the ambients whe...
متن کاملA New Modeling Paradigm for Dynamic Authorization in Multi-domain Systems
The emergence of powerful, full-featured and small formfactor mobile devices enables rich services to be offered to it’s users. As the mobile user interacts with multiple administrative domains, he acquires various attributes. In such dynamic usage scenarios, attributes from one domain are interpreted and used in another domain. This motivates the need for dynamic authorization at the time of i...
متن کامل