ACM SIGAda Ada Letters
Recently, assertions have been explored as a generalisation of certificates within access control. Assertions are used to link arbitrary attributes (e.g. roles, security clearances) to arbitrary entities (e.g. users, resources). These attributes can then be used as identifiers in access control policies to refer to groups of users or resources. In many applications, attribute management does not happen within the access control system. Instead, external entities manage attribute assignments and issue assertions that are then used in the access control system. Some approaches also allow for the delegation of attribute authority in order to spread the administrative workload. In such systems, the consumers of attribute assertions issued by a delegated authority need a delegation verification scheme. In this article we propose a classification for schemes that allow delegated authority to be verified, with a focus on attribute assertion. Using our classification, one can deduce some advantages and drawbacks of different approaches to delegated attribute assertion.