In this paper, we distinguish between authorization problems at the management level and the request level in open decentralized systems, using delegation for flexible and scalable authorization management. The delegation models in existing approaches are limited to one level or provide only basic delegation schemes, and have no effective control over the propagation scope of delegated privileges. We propose REAL, a Role-based Extensible Authorization Language framework for open decentralized systems. REAL covers delegation models at both levels and provides more flexible and scalable authorization and delegation policies, while being capable of restricting the propagation scope of delegations. We formally define the semantics of credentials in REAL by presenting a translation algorithm from credentials to Datalog rules (with negation-as-failure). This translation also shows that the semantics can be computed in polynomial time.