Delegation Perspective of Practical Authorization Schemes
نویسندگان
چکیده
Different authorization schemes for Internet applications have been proposed during the last years as solutions for the distributed authorization problem. Because delegation is a concept derived from authorization, this paper studies and put into perspective the delegation implications, issues and concepts that are derived from a number of those authorization schemes. For our study, we have selected a group of authorization schemes based on two issues: their support from international bodies, and the practicality to be deployed and used in real-world Internet applications.
منابع مشابه
Ciphertext-Policy Attribute-Based Threshold Decryption with Flexible Delegation and Revocation of User Attributes
In Ciphertext-Policy Attribute-Based Encryption (CP-ABE), a user secret key is associated with a set of attributes, and the ciphertext is associated with an access structure or decryption policy over attributes. The user can decrypt the ciphertext if and only if the attribute set of his secret key satisfies the decryption policy specified in the ciphertext. Several CP-ABE schemes have been prop...
متن کاملUne Approche Dynamique pour la Gestion des Politiques de Délégation dans les Systèmes de Contrôle d´Accès
Task delegation is a mechanism that supports organisational flexibility in the humancentric workflow systems, and ensures delegation of authority in access control systems. In this paper, we define an approach to support dynamic delegation of authority within an access control framework. The novelty consists of reasoning on authorisation dependently on task delegation events, and specifies them...
متن کاملRB-GDM: A Role-Based Grid Delegation Model
Grid delegation is the procedure by which a valid user endows another user or a program or service with the ability to act on that user’s behalf. Delegation is the primary form of authorization in grids. The large and geographically distributed, dynamic, heterogeneous and scalable grid environment poses unique delegation requirements. Presently there are no standard mechanisms to guide grid del...
متن کاملA Graphical Delegation Solution for X.509 Attribute Certificates
Delegation is a major goal when a real scalable distributed authorization system is needed. However, the uncontrolled use of delegation statements can become an important security threat; for instance, any user could improperly obtain over a resource the same privileges as the owner of that resource. Therefore, delegation solutions should include a mechanism to control the delegation of privile...
متن کاملAn Authentication Service for Open Network Systems. In
26 In this paper, we have omitted discussion of many of the more practical details due to length limitation. For example, the problems of consistency (due to cache invalidation and certiicate expiration), group membership maintenance and propagation of authorization must be addressed in an implementation. A prototype implementation of our design is currently under way. We have nished implementi...
متن کامل