Designing a Distributed Authorization Service
Authors
Abstract
We present the design of a distributed authorization service which parallels existing authentication services for distributed systems. Such a service would operate on top of an authentication substrate. There are two distinct ideas underlying our design: (1) The use of a language, called generalized access control list (GACL), as a common representation of authorization requirements. (2) The use of authenticated delegation to effect authorization offloading from an end server to an authorization server. We present the syntax and semantics of GACL, and illustrate how it can be used to specify authorization requirements that cannot be easily specified by ordinary ACL. We also describe the protocols in our design.
Similar resources
A New Collaborative Trust Enhanced Security Model For Distributed System
Designing a distributed system with the characteristics of reliability and trustworthiness is an important issue. Yet another important issue in the distributed system is the access of remote system which can be achieved on the basis of certain access rights, policies or authorization semantics. The aim of this paper is to establish a collaborative trust enhanced security model for distributed ...
Access control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
Designing an Authorization Service
We present the design of an authorization service which parallels existing authentication services for distributed systems. Such a service would operate on top of an authentication substrate. There are two distinct ideas underlying our design: (1) The use of a language, called generalized access control list (GACL), as a common representation of authorization requirements. (2) The use of authen...
A Resource Access Decision Service for CORBA-Based Distributed Systems
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are used in authorization decisions as well as access control models, no matter how dynamic those policies and factors are. It also enables elaborate and consistent access control policies across hete...
A Role-Based Authorization Model for Service-Oriented Architecture
Service-oriented architecture (SOA) is widely recognized as an especially effective solution for integrating loosely coupled and distributed resources. One of the major challenges in developing SOA-based applications is the management of authorization requirements in distributed environments. This paper proposes a formal authorization model based on a role-based access control model to demonstra...