Authorization with security attributes and privilege delegation

  • Authors: Yoshiki Sameshima; Peter Kirstein
  • Affiliations: Research and Development Department, Hitachi Software Engineering Co. Ltd., 6-81 Onoe-cho, Naka-ku, Yokohama 231, Japan; Department of Computer Science, University College London, Gower Street, London WC1E 6BT, UK
  • Venue: Computer Communications
  • Year: 1997

Abstract

This paper focuses on authorization in distributed environments. The typical authorization scheme employs access control lists; however, the scheme has problems when it is applied to a large-scale network. We introduce a new authorization scheme, compare it with the old scheme, and present an implementation of an information server which adopts the new scheme. Delegation of privileges is an important part of authorization; however, current delegation mechanisms have problems when the delegation crosses a boundary between security domains. We propose a solution which refers to security information of other security domains through a directory service.