Designing a distributed authorization service
We present the design of a distributed authorization service which parallels existing authentication services for distributed systems. Such a service would operate on top of an authentication substrate. There are two distinct ideas underlying our design: (1) the use of a language, called generalized...
Published in | Annual Joint Conference of the IEEE Computer and Communications Societies, Vol. 2; pp. 419-429 |
---|---|
Main Authors | , |
Format | Conference Proceeding Journal Article |
Language | English |
Published | IEEE 1998 |
Summary: | We present the design of a distributed authorization service which parallels existing authentication services for distributed systems. Such a service would operate on top of an authentication substrate. There are two distinct ideas underlying our design: (1) the use of a language, called generalized access control list (GACL), as a common representation of authorization requirements; and (2) the use of authenticated delegation to effect authorization offloading from an end server to an authorization server. We present the syntax and semantics of GACL, and illustrate how it can be used to specify authorization requirements that cannot be easily specified by ordinary ACL. We also describe the protocols in our design. |
---|---|
ISBN: | 0780343832 9780780343832 |
ISSN: | 0743-166X 2641-9874 |
DOI: | 10.1109/INFCOM.1998.665058 |