Designing a distributed authorization service

We present the design of a distributed authorization service which parallels existing authentication services for distributed systems. Such a service would operate on top of an authentication substrate. There are two distinct ideas underlying our design: (1) the use of a language, called generalized...

Full description

Saved in:
Bibliographic Details
Published inAnnual Joint Conference of the IEEE Computer and Communications Societies Vol. 2; pp. 419 - 429 vol.2
Main Authors Woo, T.Y.C., Lam, S.S.
Format Conference Proceeding Journal Article
LanguageEnglish
Published IEEE 1998
Subjects
Access control
Authentication
Authorization
Computer networks
Concurrent computing
Distributed computing
Electronic mail
Internetworking
Protocols
Web server
Online AccessGet full text

Cover

More Information
Summary:We present the design of a distributed authorization service which parallels existing authentication services for distributed systems. Such a service would operate on top of an authentication substrate. There are two distinct ideas underlying our design: (1) the use of a language, called generalized access control list (GACL), as a common representation of authorization requirements; and (2) the use of authenticated delegation to effect authorization offloading from an end server to an authorization server. We present the syntax and semantics of GACL, and illustrate how it can be used to specify authorization requirements that cannot be easily specified by ordinary ACL. We also describe the protocols in our design.
Bibliography:SourceType-Scholarly Journals-2
ObjectType-Feature-2
ObjectType-Conference Paper-1
content type line 23
SourceType-Conference Papers & Proceedings-1
ObjectType-Article-3
ISBN:0780343832
9780780343832
ISSN:0743-166X
2641-9874
DOI:10.1109/INFCOM.1998.665058