Policy-directed certificate retrieval
Software—Practice & Experience
DATALOG with Constraints: A Foundation for Trust Management Languages
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
Distributed credential chain discovery in trust management
Journal of Computer Security
Towards Practical Automated Trust Negotiation
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Design and Semantics of a Decentralized Authorization Language
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Efficient proving for practical distributed access-control systems
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Information flow in trust management systems
Journal of Computer Security - CSF 2010
| Hi-index | 0.00 |
A central task in the context of logic-based decentralized authorization languages is that of gathering credentials from credential providers, required by the resource guard's policy to grant a user's access request. This paper presents an abduction-based algorithm that computes a specification of missing credentials without communicating with remote credential providers. The specification is used to gather credentials from credential providers in a single pass, without involving any communication with the resource guard. The credentials gathered thus are pushed to the resource guard at authorization time. This approach decouples authorization from credential gathering, and, in compprison to server-side pull methods, reduces the number of messqges sent between participants, and allows for environments iTt which some credential providers are unknown or unavailable to the resource guard at authorization time.