XML-Based Revocation and Delegation in a Distributed Environment
نویسندگان
چکیده
The rapid increase on the circulation of data over the web has highlighted the need for distributed storage of Internet-accessible information due to the rapid increase on the circulation of data over the web. Thus, access control mechanisms should also be distributed in order to protect them effectively. A recent idea in the access control theory is the delegation and revocation of rights, i.e. the passing over of one clients rights to the other and vice versa. Here, we propose an XML-based distributed delegation module which can be integrated into a distributed role-based access control mechanism protecting networks. The idea of X.509v3 certificates is used for the transfer of authorization information referring to a client. The modules are XML-based and all of the associated data structures are expressed through Document Type Definitions (DTDs).
منابع مشابه
Access control in a distributed object environment using XML and roles
We discuss the design of an integrated security architecture for authorization and authentication in a distributed object environment. Our architecture will have four main components: an authentication engine, an interface, a session manager and an authorization engine. The core component of our model is the session manager, which issues XML-based session certificates to authenticated users. A ...
متن کاملContext Dependent Revocation in Delegated XACML
The XACML standard defines an XML based language for defining access control policies and a related processing model. Recent work aims to add delegation to XACML in order to express the right to administrate XACML policies within XACML itself. The delegation profile draft explains how to validate the right to issue a policy, but there are no provisions for removing a policy. This paper proposes...
متن کاملRB-GDM: A Role-Based Grid Delegation Model
Grid delegation is the procedure by which a valid user endows another user or a program or service with the ability to act on that user’s behalf. Delegation is the primary form of authorization in grids. The large and geographically distributed, dynamic, heterogeneous and scalable grid environment poses unique delegation requirements. Presently there are no standard mechanisms to guide grid del...
متن کاملRevocation Schemes for Delegation Licences
The paper presents revocation schemes in role-based access control models. We are particularly interested in two key issues: how to perform revocation and how to manage the revocation policy. We show how to deal with these two aspects in the delegation model based on the OrBAC formalism and its administration licence concept. This model provides means to manage several delegation types, such as...
متن کاملManaging Revocation in Role Based Access Control Models Using Delegation Licences
The paper presents revocation schemes in role-based access control models. We are particularly interested in two key issues: how to perform the revocation and how to manage the revocation policy. We show how to deal with these two aspects in our delegation model based on the OrBAC formalism and its administration licence concept. This model provides means to manage several types of of delegatio...
متن کامل