Authorization infrastructures manage privileges and render access control decisions, allowing applications to adjust their behavior according to the privileges allocated to users. This paper describes the PERMIS role based authorization infrastructure along with its conceptual authorization, access control, and trust models. PERMIS has the novel concept of a credential validation service, which...

This paper proposes Zás, a novel, flexible, and expressive authorization mechanism for Java. Zás has been inspired by Ramnivas Laddad’s proposal to modularize Java Authentication and Authorization Services (JAAS) using an Aspect-Oriented Programming (AOP) approach. Zás’ aims are to be simultaneously very expressive, reusable, and easy to use and configure. Zás allows authorization services to b...

Despite recent widespread interest in the secure au-thentication of principals across computer networks there has been considerably less discussion of distributed m e chanisms to support authorization and accounting. By generalizing the authentication model to support restricted p r oxies, both authorization and accounting can be e asily supported. This paper presents the proxy model for author...

Psychological acceptability has been mentioned as a requirement for secure systems for as long as least privilege and fail safe defaults, but until now has been all but ignored in the actual design of secure systems. We place this principle at the center of our design for Adage, an authorization service for distributed applications. We employ usability design techniques to specify and test the ...