A Framework for Supporting Distributed Access Control Policies

  • Authors: Christoph Meinel
  • Affiliations: University of Potsdam
  • Venue: ISCC '05 Proceedings of the 10th IEEE Symposium on Computers and Communications
  • Year: 2005

Abstract

In this paper we describe a mechanism for managing authorisation policies in distributed environments. This mechanism is based on public key infrastructure (PKI) and privilege management infrastructure (PMI). In our approach each domain comprises a root policy and some subordinate authorisation policies. The root policy specifies how to use the subordinate policies. The subordinate policies describe the access control rules that are used for making access control decisions. The subordinate policies can be defined and managed independently and dynamically loaded into the access control system at runtime. All these policies are stored in X.509 attribute certificates (ACs), thus guaranteeing their integrity. The AC that holds the root policy is co-located with the access control system; the ACs that hold subordinate policies can be distributed. In the root policy we use policy schemes, policy sub-schemes and policy hierarchies to manage the subordinate policies, because they make policy management flexible and easy.