Designing a distributed authorization service

27 November 2002

conference paper
Published by Institute of Electrical and Electronics Engineers (IEEE)

Vol. 2 (0743166X), 419-429
https://doi.org/10.1109/infcom.1998.665058

Abstract

We present the design of a distributed authorization service which parallels existing authentication services for distributed systems. Such a service would operate on top of an authentication substrate. There are two distinct ideas underlying our design: (1) the use of a language, called generalized access control list (GACL), as a common representation of authorization requirements; and (2) the use of authenticated delegation to effect authorization offloading from an end server to an authorization server. We present the syntax and semantics of GACL, and illustrate how it can be used to specify authorization requirements that cannot be easily specified by ordinary ACL. We also describe the protocols in our design.

Keywords

This publication has 7 references indexed in Scilit:

Proxy-based authorization and accounting for distributed systems
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2002
A flexible distributed authorization protocol
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2002
Generic Security Service Application Program Interface, Version 2
Published by RFC Editor ,1997
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems, 1993
Authorization in Distributed Systems: A New Approach1
Journal of Computer Security, 1993
A framework for distributed authorization
Published by Association for Computing Machinery (ACM) ,1993
Authentication in distributed systems
ACM Transactions on Computer Systems, 1992

Cited by 29 articles