Proxy-based authorization and accounting for distributed systems

Abstract

A unified model is presented for authentication, authorization, and accounting that is based on proxies. It is shown that the proxy model for authorization can be used to support a wide range of authorization and accounting mechanisms. The proxy model strikes a balance between access-control-list anti capability-based mechanisms, allowing each to be used where appropriate and allowing their use in combination. The author describes how restricted proxies can be supported using existing authentication methods.<>