Authorisation and Delegation in the Machination Configuration System
نویسنده
چکیده
Experience with a crudely delegated user interface to our internally developed configuration management system convinced us that delegated access to configuration systems was worth pursuing properly. This paper outlines our approach to authorising access both to individual aspects of configurations and to collections of configurations. We advocate the use of authorisation of some kind on configuration changes and we believe that the system of authorising primitive manipulations of a configuration representation outlined herein could be accommodated by a number of existing configuration systems. The authorisation system described is still experimental and we regret that real world experience of the system in use with end users is not yet available.
منابع مشابه
Authorisation Subterfuge by Delegation in Decentralised Networks
Trust Management [1, 4, 10] is an approach to constructing and interpreting the trust relationships among public-keys that are used to mediate security-critical actions. Cryptographic credentials are used to specify delegation of authorisation among public keys. Existing trust management schemes are operational in nature, defining security in terms of specific controls such as delegation chains...
متن کاملA Logic for Analysing Subterfuge in Delegation Chains
Trust Management is an approach to construct and interpret the trust relationships among public-keys that are used to mediate security-critical actions. Cryptographic credentials are used to specify delegation of authorisation among public keys. Existing trust management schemes are operational in nature, defining security in terms of specific controls such as delegation chains, threshold schem...
متن کاملDynamic Authorisation Policies for Event-Based Task Delegation
Task delegation presents one of the business process security leitmotifs. It defines a mechanism that bridges the gap between both workflow and access control systems. There are two important issues relating to delegation, namely allowing task delegation to complete, and having a secure delegation within a workflow. Delegation completion and authorisation enforcement are specified under specifi...
متن کاملA method for access authorisation through delegation networks
Owners of systems and resources usually want to control who can access them. This must be based on having a process for authorising certain parties, combined with mechanisms for enforcing that only authorised parties are actually able to access those systems and resources. In distributed systems, the authorisation process can include negative authorisation (e.g. black listing), and delegation o...
متن کاملUne Approche Dynamique pour la Gestion des Politiques de Délégation dans les Systèmes de Contrôle d´Accès
Task delegation is a mechanism that supports organisational flexibility in the humancentric workflow systems, and ensures delegation of authority in access control systems. In this paper, we define an approach to support dynamic delegation of authority within an access control framework. The novelty consists of reasoning on authorisation dependently on task delegation events, and specifies them...
متن کامل