{"title":"Authorization and attribute certificates for widely distributed access control","authors":"W. Johnston, Srilekha Mudumbai, M. Thompson","doi":"10.1109/ENABL.1998.725715","DOIUrl":null,"url":null,"abstract":"The authors describe a system whose purpose is to explore the use of certificates for the distributed management of access rights for resources that have multiple, independent, and geographically dispersed stakeholders. The stakeholders assert their use-conditions in authorization certificates and designate those trusted to attest to the corresponding attributes. These use-conditions implicitly define access groups through their requirement for certain attributes. All use-conditions must be satisfied simultaneously, so the actual access group is the intersection of all of the groups. A policy engine collects the use-condition certificates and attribute certificates when a user attempts to access a particular resource. If all of the use-conditions are met, a capability is generated for the resource. The policy engine can provide several different policy models depending on whether any relationship is established among the use-conditions. The system architecture and implementation is described, together with some of the identified strengths, weaknesses, and vulnerabilities.","PeriodicalId":321059,"journal":{"name":"Proceedings Seventh IEEE International Workshop on Enabling Technologies: Infrastucture for Collaborative Enterprises (WET ICE '98) (Cat. No.98TB100253)","volume":"965 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1998-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"136","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings Seventh IEEE International Workshop on Enabling Technologies: Infrastucture for Collaborative Enterprises (WET ICE '98) (Cat. No.98TB100253)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ENABL.1998.725715","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Authorization and attribute certificates for widely distributed access control
The authors describe a system whose purpose is to explore the use of certificates for the distributed management of access rights for resources that have multiple, independent, and geographically dispersed stakeholders. The stakeholders assert their use-conditions in authorization certificates and designate those trusted to attest to the corresponding attributes. These use-conditions implicitly define access groups through their requirement for certain attributes. All use-conditions must be satisfied simultaneously, so the actual access group is the intersection of all of the groups. A policy engine collects the use-condition certificates and attribute certificates when a user attempts to access a particular resource. If all of the use-conditions are met, a capability is generated for the resource. The policy engine can provide several different policy models depending on whether any relationship is established among the use-conditions. The system architecture and implementation is described, together with some of the identified strengths, weaknesses, and vulnerabilities.