Using Authority Certificates to Create Management Structures
نویسندگان
چکیده
We address the issue of updating privileges in a dynamic environment by introducing authority cerrtificates in a Privilege Management Infrastructure. These certificates can be used to create access-level permissions but also to delegate authority to other agents, thereby providing a mechanism for creating management structures and for changing these structures over time. We present a semantic framework for privileges and certificates and an associated calculus, encoded as a logic program, for reasoning about them. The framework distinguishes between the time a certificate is issued or revoked and the time for which the associated privilege is created. This enables certificates to have prospective and retrospective effects, and allows us to reason about privileges and their consequences in the past, present, and future. The calculus provides a verification procedure for determining, given a set of declaration and revocation certificates, whether a certain privilege holds.
منابع مشابه
Revocation in the privilege calculus ?
We have previously presented a framework for updating privileges and creating management structures by means of authority certificates. These are used both to create access-level permissions and to delegate authority to other agents. In this paper we extend the framework to support a richer set of revocation schemes. As in the original, we present an associated calculus of privileges, encoded a...
متن کاملRevocation Schemes for Delegated Authorities
We have previously presented a framework for updating privileges and creating management structures by means of authority certificates. These are used both to create access-level permissions and to delegate authority to other agents. In this paper we extend the framework to support a richer set of revocation schemes. As in the original, we present an associated calculus of privileges, encoded a...
متن کاملEvaluating web PKIs
Certificate authorities serve as trusted parties to help secure web communications. They are a vital component for ensuring the security of cloud infrastructures and big data repositories. Unfortunately, recent attacks using mis-issued certificates show this model is severely broken. Much research has been done to enhance certificate management in order to create more secure and reliable cloud ...
متن کاملEfficient transmission of PKI certificates using elliptic curve cryptography and its variants
The demand for wireless networks is increasing rapidly and it becomes essential to design existing Public-Key Infrastructure (PKI) useful for wireless devices. A PKI is a set of procedures needed to create, distribute and revoke digital certificates. PKI is an arrangement that binds public keys with respective user identities by means of a Certificate Authority (CA). The user identity must be u...
متن کاملA Secure Access Control Mechanism Web Service-based in Extended Organization PKI Networks
Organizations use PKI (Public Key Infrastructures) to support internal business processes, but some businesses have industrial partnerships with others, and these alliances can exploit B2B (Business to Business) e-commerce capabilities by connecting corporate PKI. The paper deals with two methods to realize access control in extended organization PKI business processes: BCAs (Bridge Certificati...
متن کامل