Customizing Distributed Proofs of Authorization

When identity-based authorization becomes difficult due to the scalability requirements and highly dynamic nature of open distributed systems, digitally certifiable attributes can be an effective basis for specifying authorization policies. Before an authorization decision is made in such a system, a client needs to collect a set of credentials to prove that it satisfies the authorization policies. The process to construct such a proof is often interactive and multilateral, involving multiple parties iteratively requesting credentials from one another before presenting all their own relevant credentials; we call this a distributed proof of authorization (DPA). DPAs can be carried out in multiple ways. A resource provider can passively wait for its clients to gather all the credentials required for them to gain access; others can take a proactive approach by directly requesting all credentials from the appropriate issuers on behalf of their client. To move away from these two extremes, which raise issues of efficiency and completeness, we propose Query Routing Rules (QRR) to customize distributed credential collection within a P2P authorization framework called MultiTrust, which gives peers autonomy in deciding whether and how they respond to authorization requests. We provide a distributed proof construction algorithm that peers can use to reason about authorizations based on the access control policies and QRRs. This algorithm is configurable, sound, and complete with regard to the search space covered by QRRs. By configuring different QRRs, MultiTrust can not only use flexible strategies to improve the performance of DPA, but also emulate other distributed trust management frameworks such as QCM and RT0 and serve as a reasoning framework for authorization in heterogeneous distributed systems.