Proxy-Based Authorization and Accounting for Distributed Systems
Author
Abstract
Despite recent widespread interest in the secure authentication of principals across computer networks there has been considerably less discussion of distributed mechanisms to support authorization and accounting. By generalizing the authentication model to support restricted proxies, both authorization and accounting can be easily supported. This paper presents the proxy model for authorization and shows how the model can be used to support a wide range of authorization and accounting mechanisms. The proxy model strikes a balance between access-control-list and capability-based mechanisms allowing each to be used where appropriate and allowing their use in combination. The paper describes how restricted proxies can be supported using existing authentication methods.
Similar resources
Distributed Virtual System (divirs) Project Formerly Center for Experimental Research in Parallel Algorithms, Software, and Systems Co-principal Investigator Prepared under Nasa Cooperative Agreement Ncc 2-539 for Henry Lum, Technical Officer Nasa Information Sciences Division 244-7 Semiannual Progress Report
Despite recent widespread interest in the secure authentication of principals across computer networks there has been considerably less discussion of distributed mechanisms to support authorization and accounting. By generalizing the authentication model to support restricted proxies, both authorization and accounting can be easily supported. This paper present...
Access control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
Extending Jini with Decentralized Trust Management
Decentralized Trust Management, originally introduced by the PolicyMaker and SDSI prototypes, and currently promoted at least by the KeyNote2, SPKI, and TeSSA development efforts, provides a means of distributed authorization that seems to be especially suitable for distributed object systems and agent based systems. In this paper we introduce the SIESTA project, which studies how to integrate ...
RFC 6572 RADIUS PMIPv
This document defines new attributes to facilitate Proxy Mobile IPv6 operations using the RADIUS infrastructure. The protocol defined in this document uses RADIUS-based interfaces of the mobile access gateway and the local mobility anchor with the AAA server for authentication, authorization, and policy functions. The RADIUS interactions between the mobile access gateway and the RADIUS-based AA...
An Application of Policy-Based Signature: Proof-Carrying Proxy Certificates
The term proxy certificate is used to describe a certificate that is issued by an end user for the purpose of delegating responsibility to another user so that the latter can perform certain actions on behalf of the former. Such certificates have been suggested for use in a number of applications, particularly in distributed computing environments where delegation of rights is common. In this p...