Federation Web: A Scheme to Compound Authorization Chains on Large-Scale Distributed Systems
نویسندگان
چکیده
Traditional security systems are not easily scalable and can become single points of failure or performance bottlenecks when used on a large-scale distributed system such as the Internet. This problem occurs also when using a Public Key Infrastructure (PKI) with a hierarchical trust model. SDSI/SPKI is a PKI that adopts a more scalable trust paradigm, which is focused on the client and based on authorization chains. However, the task of locating the chain that links a client to a server is not completely addressed by SDSI/SPKI. Aiming to overcome this limitation, this paper proposes extensions to the SDSI/SPKI authorization and authentication model. The proposed approach introduces the concept of Federation Webs, which allow the client to build new authorization chains linking it to a server when a direct path does not exist. A prototype implementation of this proposal has shown
منابع مشابه
Access control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کاملA Security Scheme for Mobile Agent Platforms in Large-Scale Systems
Mobile agents have recently started being deployed in largescale distributed systems. However, this new technology brings some security concerns of its own. In this work, we propose a security scheme for protecting mobile agent platforms in large-scale systems. This scheme comprises a mutual authentication protocol for the platforms involved, a mobile agent authenticator, and a method for gener...
متن کاملSecurity Mechanisms for Mobile Agent Platforms Based on SPKI/SDSI Chains of Trust
This work defines a security scheme, based on SPKI/SDSI chains of trust, for protecting mobile agent platforms in large-scale distributed systems. The scheme is composed by a protocol of mutual authentication, a mobile agent authenticator and a mechanism for the generation of protection domain. Due to the flexibility of the SPKI/SDSI certificate delegation infrastructures used, the proposed sch...
متن کاملA Large-scale System Authorization Scheme Proposal Integrating Java, CORBA and Web Security Models and a Discretionary Prototype
This paper presents an authorization scheme for large-scale networks that involves programming models and tools represented by Web, Java and CORBA. The authorization scheme is based on structures and concepts introduced in Web, Java and CORBA for security. A discretionary prototype is presented here, where the solutions adopted involving a concrete scheme are discussed. This scheme was develope...
متن کاملDynamic configuration and collaborative scheduling in supply chains based on scalable multi-agent architecture
Due to diversified and frequently changing demands from customers, technological advances and global competition, manufacturers rely on collaboration with their business partners to share costs, risks and expertise. How to take advantage of advancement of technologies to effectively support operations and create competitive advantage is critical for manufacturers to survive. To respond to these...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2003