Distributed Authorization with Distributed Grammars
نویسندگان
چکیده
While groups are generally helpful for the definition of authorization policies, their use in distributed systems is not straightforward. This paper describes a design for authorization in distributed systems that treats groups as formal languages. The design supports forms of delegation and negative clauses in authorization policies. It also considers the wish for privacy and efficiency in group-membership checks, and the possibility that group definitions may not all be available and may contain cycles.
منابع مشابه
Access control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کاملContextual Grammars with Distributed Catenation and Shuffle
We introduce a new type of contextual grammars. Instead of considering the catenation operation we use the distributed catenation operation. The contexts are distributed catenated with words from the language, de ning in this way new words from the language. We investigate several properties of the languages generated by distributed catenated contextual grammars. Finally, we also present the re...
متن کاملCustomizing Distributed Proofs of Authorization
When identity-based authorization becomes difficult due to the scalability requirements and highly dynamic nature of open distributed systems, digitally certifiable attributes can be an effective basis for specifying authorization policies. Before an authorization decision is made in such a system, a client needs to collect a set of credentials to prove that it satisfies the authorization polic...
متن کاملA Distributed Authorization Language for Ambient Intelligence
Authorization is an open problem in Ambient Intelligence environments. The difficulty of implementing authorization policies lies in the open and dynamic nature of such environments. The information is distributed among various heterogeneous devices that collect, process, change, and share it. Previous work presented a fully distributed approach for reasoning with conflicts in ambient intellige...
متن کاملA Resource Access Decision Service for CORBA-Based Distributed Systems
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are used in authorization decisions as well as access control models, no matter how dynamic those polices and factors are. It also enables elaborate and consistent access control policies across hete...
متن کامل