ÆTHER: an Authorization Management Architecture for Ubiquitous Computing

The ubiquitous computing paradigm suggests that we are going to be surrounded by countless wireless devices capable of providing services transparently. By definition, the nature of ubiquitous computing environments is open and extremely dynamic, making difficult the establishment of predefined security relationships between all of the participating entities. Authentication mechanisms can be employed to establish the identity of a pervasive computing entity but they suffer from scalability problems and have limited value in defining authorization decisions among strangers. In this paper we propose ÆTHER, an authorization management architecture designed specifically to address trust establishment and access control in ubiquitous computing environments. Owners define attribute authority sets and access control policy entries that are embedded into their devices. Members of the attribute authority sets are trusted to issue credentials for the corresponding attributes that can then be used in order to gain access to protected resources. Our architecture supports dynamic membership in these sets facilitating distributed administration, which is required in the context of the volatile nature of ubiquitous security relationships, and attribute mapping to allow roaming among authority domains. Moreover, we present the foundation of a logic model for our proposed architecture that is used to prove access control decisions.