A Formalization of Distributed Authorization with Delegation
نویسندگان
چکیده
Trust management is a promising approach for the authorization in distributed environment. There are two key issues for a trust management system: how to design high-level policy language and how to solve the compliance-checking problem [3, 4]. We adopt this approach to deal with distributed authorization with delegation. In this paper, we propose an authorization language AL, a human-understandable high level language to specify various authorization policies. We define the semantics of AL through Answer Set Programming. Language AL has rich expressive power which can not only specify delegation, threshold structures addressed in previous approaches, but also represent structured resources and privileges, positive and negative authorizations, separation of duty, incomplete information reasoning and partial authorization and delegation. We also demonstrate the application of language AL through an authorization scenario.
منابع مشابه
RB-GDM: A Role-Based Grid Delegation Model
Grid delegation is the procedure by which a valid user endows another user or a program or service with the ability to act on that user’s behalf. Delegation is the primary form of authorization in grids. The large and geographically distributed, dynamic, heterogeneous and scalable grid environment poses unique delegation requirements. Presently there are no standard mechanisms to guide grid del...
متن کاملA Graphical Delegation Solution for X.509 Attribute Certificates
Delegation is a major goal when a real scalable distributed authorization system is needed. However, the uncontrolled use of delegation statements can become an important security threat; for instance, any user could improperly obtain over a resource the same privileges as the owner of that resource. Therefore, delegation solutions should include a mechanism to control the delegation of privile...
متن کاملDelegation Perspective of Practical Authorization Schemes
Different authorization schemes for Internet applications have been proposed during the last years as solutions for the distributed authorization problem. Because delegation is a concept derived from authorization, this paper studies and put into perspective the delegation implications, issues and concepts that are derived from a number of those authorization schemes. For our study, we have sel...
متن کاملOn the deployment of a real scalable delegation service
This paper explains the evolution of the concept of delegation since its first references in the context of distributed authorization to the actual use as a fundamental part of a privilege management architecture. The work reviews some of the earliest contributions that pointed out the relevance of delegation when dealing with distributed authorization, in particular we comment on PolicyMaker a...
متن کاملUsing Trust for Restricted Delegation in Grid Environments
Delegation is an important tool for authorization in large distributed environments. However, current delegation mechanisms used in emerging Grids have problems to allow for flexible and secure delegation. This paper presents a framework to realize restricted delegation using a specific attribute certificate with trust value in grid environments. The framework employs attribute certificates to ...
متن کامل