Towards flexible authorization management

Abstract

During the last years there have been a lot of proposals in the literature for systems that attempt to manage the process of trust establishment. However, the engineering details related to the exchange and negotiation of authorization credentials have not received similar attention. Existing solutions like SSL/TLS and IPsec have limitations that minimize their applicability. In this paper we propose a new protocol, the authorization exchange protocol (AXP), that provides a modular and extensible solution to this problem. It is situated between the application and the network layers acting as an authorization middleware component and handles the process of transmitting and receiving service access requests and replies, along with the credentials that are required to support them. In order to allow its use in securing delay sensitive applications, AXP has been designed to work over unreliable datagram transport protocols. We also present a case study and evaluate the performance of our proposal.