Explicit Delegation Using Configurable Cookies
نویسندگان
چکیده
Password sharing is widely used as a means of delegating access, but it is open to abuse and relies heavily on trust in the person being delegated to. We present a protocol for delegating access to websites as a natural extension to the Pico protocol. Through this we explore the potential characteristics of delegation mechanisms and how they interact. We conclude that security for the delegator against misbehaviour of the delegatee can only be achieved with the cooperation of the entity offering the service being delegated. To achieve this in our protocol we propose configurable cookies that capture delegated permissions.
منابع مشابه
Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud
Controlled sharing is fundamental to distributed systems; yet, on the Web, and in the Cloud, sharing is still based on rudimentary mechanisms. More flexible, decentralized cryptographic authorization credentials have not been adopted, largely because their mechanisms have not been incrementally deployable, simple enough, or efficient enough to implement across the relevant systems and devices. ...
متن کاملCache Cookies for Browser Authentication ( Extended Abstract ) Ari Juels Markus Jakobsson
Like conventional cookies, cache cookies are data objects that servers store in Web browsers. Cache cookies, however, are unintentional byproducts of protocol design for browser caches. They do not enjoy any explicit interface support or security policies. In this paper, we show that despite limitations, cache cookies can play a useful role in the identification and authentication of users. Man...
متن کاملCache Cookies for Browser Authentication ( Extended
Like conventional cookies, cache cookies are data objects that servers store in Web browsers. Cache cookies, however, are unintentional byproducts of protocol design for browser caches. They do not enjoy any explicit interface support or security policies. In this paper, we show that despite limitations, cache cookies can play a useful role in the identification and authentication of users. Man...
متن کاملDelegation Diagrams: Visual Support for the Development of Object-Oriented Designs
Developers have long used pictures to aid design activities and there has been a lot of interest in standard notations for design. We have developed delegation diagrams, a graphical notation that provides visual support for developing object-oriented designs and that makes the relationship between the requirements and the design explicit. We describe both the notation and tool support, and eval...
متن کاملAvoiding Delegation Subterfuge Using Linked Local Permission Names
Trust Management systems are typically explicit in their assumption that principals are uniquely identifiable. However, the literature has not been as prescriptive concerning the uniqueness of the permissions delegated by principals. Delegation subterfuge may arise when there is ambiguity concerning the uniqueness and interpretation of a permission. As a consequence, delegation chains that are ...
متن کامل