We describe Fidelis, a policy-driven trust management framework, designed for highly decentralized distributed applications, with many interoperating, collaborative but potentially distrusting principals. To address the trust management needs for such applications, Fidelis is designed to support the principle of separation of policies and credentials, and the notion of full domain autonomy. Based on these, credentials are considered simply as static data structures, much like membership cards in real life. Policies, which are autonomously specified, administered and managed, interpret and provide the semantics for these credentials. In this paper, we describe the Fidelis policy framework which serves as the abstract, conceptual foundation. We also describe a specific implementation of the policy framework, in the form of the Fidelis policy language. Both the syntax and the semantics of the language are described. A discussion is given to show that the Fidelis approach is attractive for many applications.