Cross-Domain Access Control via PKI
Abstract
In this note we consider how role-based access control can be managed on a large scale over the Internet and across organizational boundaries. We take a PKI approach, in which users are identified using public key certificates, as are the servers. The main features of our approach are: access control by (client, role) pair; implied revocation based on the role hierarchy; automatic generation of certificate validity tickets; and certificate chains to prove a client role hierarchy.
Similar resources
Efficient and User Friendly Inter-domain Device Authentication/Access Control for Home Networks
Device authentication can reinforce the security of the home network services by ensuring that only specific authorized devices by specific authorized users can access the services. And it is also a mandatory technology for context-aware services in which users are not participant in the service flow. In this paper, we propose a device authentication and access control scheme based on two-layer...
A Secure Access Control Mechanism Web Service-based in Extended Organization PKI Networks
Organizations use PKI (Public Key Infrastructures) to support internal business processes, but some businesses have industrial partnerships with others, and these alliances can exploit B2B (Business to Business) e-commerce capabilities by connecting corporate PKI. The paper deals with two methods to realize access control in extended organization PKI business processes: BCAs (Bridge Certificati...
Cross-domain Authentication Alliance Protocol Based on Isomorphic Groups
With the development of information technology in distributed network, such as cloud computing and grid computing. They need mutual coordination resources among the various areas to meet the requirement in infinite speed and infinite space of information technology for people. To ensure secure access resources among areas, the paper proposes a cross-domain authentication alliance agreement. This...
dRBAC: Distributed Role-based Access Control for Dynamic Coalition Environments (TR2001-819)
Distributed Role-Based Access Control (dRBAC) is a scalable, decentralized trust-management and access-control mechanism for systems that span multiple administrative domains. dRBAC represents controlled actions in terms of roles, which are defined within the trust domain of one entity and can be transitively delegated to other roles within a different trust domain. dRBAC utilizes PKI to identi...
Towards a More Secure and Scalable Verifying PKI of eMRTD
The new electronic passport stores biometric data on a contactless readable chip to uniquely link the travel document to its holder. This sensitive data is protected by a complex protocol called Extended Access Control (EAC) against unlawful readouts. EAC is manifold and thus needs a complex public key infrastructure (PKI). Additionally EAC is known to suffer from unsolved weaknesses, e.g., sto...