
Certificate-based Authorization Policy in a PKI Environment (2003) [45 citations — 3 self]

by Mary R. Thompson, Abdelilah Essiari
ACM Transactions on Information and System Security
http://www-itg.lbl.gov/security/Akenti/Papers/ACMTISSEC.pdf

Abstract:

The major emphasis of Public Key Infrastructure has been to provide a cryptographically secure means of authenticating identities. However, procedures for authorizing the holders of these identities to perform specific actions still need additional research and development. While there are a number of proposed standards for authorization structures and protocols [Hallam-Baker and Maler 2002, Blaze et al. 1999, Myers 1997, Ellison 1999, Damianou et al. 2001] based on X.509 or other key-based identities, none has been widely adopted. As part of an effort to use X.509 identities to provide authorization in highly distributed environments, we have developed and deployed an authorization service based on X.509-identified users and access policy contained in certificates signed by X.509-identified stakeholders. The major goal of this system, called Akenti, is to produce a usable authorization system for an environment consisting of distributed resources used by geographically and administratively distributed users. Akenti assumes communication between users and resources over a secure protocol such as SSL/TLS to provide mutual authentication with X.509 certificates. This paper explains the authorization model and policy language used by Akenti, and how we have implemented an Apache authorization module to provide Akenti authorization.
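The abstract separates two concerns: the user is authenticated by the TLS handshake with an X.509 certificate, while the authorization decision is driven by policy that stakeholders have signed and that the resource gateway verifies before applying. The Go program below is an added illustration of that model; it is not code from the paper or from Akenti. Ed25519 keys stand in for the stakeholders' X.509 identities, the UseCondition structure and its field names are invented for the example, the requester's attributes are passed in as a plain map rather than fetched from attribute certificates, and the rule that every stakeholder condition on a resource must be satisfied is a modelling choice made here, not a statement taken from the abstract.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"strings"
)

// UseCondition is one stakeholder's requirement on a resource.
// The structure and field names are invented for this example.
type UseCondition struct {
	Resource     string   `json:"resource"`
	Actions      []string `json:"actions"`       // actions this condition permits
	RequiredAttr string   `json:"required_attr"` // attribute the requester must hold
}

// SignedCondition carries the serialized condition, the DN the issuer claims,
// and the issuer's signature. Ed25519 stands in for X.509 signatures here.
type SignedCondition struct {
	Payload     []byte
	Stakeholder string
	Signature   []byte
}

// Stakeholders maps a trusted stakeholder DN to its public key. In a PKI this
// binding would come from the stakeholder's X.509 certificate.
type Stakeholders map[string]ed25519.PublicKey

func signCondition(cond UseCondition, dn string, priv ed25519.PrivateKey) SignedCondition {
	payload, err := json.Marshal(cond) // fields marshal in declared order, so the bytes are stable
	if err != nil {
		panic(err)
	}
	return SignedCondition{Payload: payload, Stakeholder: dn, Signature: ed25519.Sign(priv, payload)}
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// Authorize grants action on resource only if every condition that names the
// resource is authentic and satisfied. A condition that cannot be verified
// fails closed: we then do not know what the policy is, so we deny.
func Authorize(trusted Stakeholders, conds []SignedCondition, resource, action string, attrs map[string]bool) (bool, string) {
	matched := 0
	for _, sc := range conds {
		pub, ok := trusted[sc.Stakeholder]
		if !ok {
			return false, "condition issued by untrusted stakeholder " + sc.Stakeholder
		}
		// The claimed DN is only a lookup key; the signature decides authenticity.
		if !ed25519.Verify(pub, sc.Payload, sc.Signature) {
			return false, "bad signature on condition claiming to be from " + sc.Stakeholder
		}
		var cond UseCondition
		if err := json.Unmarshal(sc.Payload, &cond); err != nil {
			return false, "malformed condition from " + sc.Stakeholder
		}
		if cond.Resource != resource {
			continue
		}
		matched++
		if !contains(cond.Actions, action) {
			return false, sc.Stakeholder + " does not permit action " + action
		}
		if !attrs[cond.RequiredAttr] {
			return false, sc.Stakeholder + " requires attribute " + cond.RequiredAttr
		}
	}
	if matched == 0 {
		return false, "no policy covers " + resource // default deny
	}
	return true, fmt.Sprintf("all %d stakeholder conditions satisfied", matched)
}

// RunScenario builds a constructed two-stakeholder policy and evaluates
// several requests, including a forged and a tampered condition.
func RunScenario() map[string]bool {
	pubPI, privPI, _ := ed25519.GenerateKey(rand.Reader)
	pubSSO, privSSO, _ := ed25519.GenerateKey(rand.Reader)
	_, privOutsider, _ := ed25519.GenerateKey(rand.Reader) // not a stakeholder
	trusted := Stakeholders{"CN=Fusion PI": pubPI, "CN=Site Security Officer": pubSSO}

	res := "https://fusiongrid.example/shot-data" // constructed resource name
	policy := []SignedCondition{
		signCondition(UseCondition{Resource: res, Actions: []string{"read", "run"}, RequiredAttr: "group=fusion-experimenters"}, "CN=Fusion PI", privPI),
		signCondition(UseCondition{Resource: res, Actions: []string{"read", "run", "admin"}, RequiredAttr: "clearance=site"}, "CN=Site Security Officer", privSSO),
	}
	member := map[string]bool{"group=fusion-experimenters": true, "clearance=site": true}
	uncleared := map[string]bool{"group=fusion-experimenters": true}

	out := map[string]bool{}
	out["member read"], _ = Authorize(trusted, policy, res, "read", member)
	out["uncleared read"], _ = Authorize(trusted, policy, res, "read", uncleared)
	out["member admin"], _ = Authorize(trusted, policy, res, "admin", member) // PI never permits admin
	out["unknown resource"], _ = Authorize(trusted, policy, "https://fusiongrid.example/other", "read", member)

	// An outsider signs a condition and labels it as the PI's.
	forged := signCondition(UseCondition{Resource: res, Actions: []string{"admin"}, RequiredAttr: "group=fusion-experimenters"}, "CN=Fusion PI", privOutsider)
	out["forged condition"], _ = Authorize(trusted, append(policy, forged), res, "read", member)

	// A genuine condition altered after signing.
	tampered := policy[1]
	tampered.Payload = []byte(strings.Replace(string(tampered.Payload), "clearance=site", "clearance=none", 1))
	out["tampered condition"], _ = Authorize(trusted, []SignedCondition{policy[0], tampered}, res, "read", member)
	return out
}

func main() {
	for name, ok := range RunScenario() {
		fmt.Printf("%-20s allowed=%v\n", name, ok)
	}
}
```

Only the first request is granted. The two negative cases at the end are the ones worth keeping in mind when deploying any stakeholder-signed policy: the DN written inside a policy object is untrusted input until the signature verifies against the key bound to that DN, and a verified signature covers exactly the bytes that were signed, so any canonicalization must happen before signing and be repeated byte-for-byte before verifying.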

Citations

Lampson, Abadi, et al. Authentication in distributed systems: Theory and practice. 1992.
Neuman. Proxy-based authorization and accounting for distributed systems. 1993.
Agarwal, Sachs, et al. The reality of collaboratories. 1998.
OASIS. eXtensible Access Control Markup Language (XACML) Version 1.0. 2003. http://www.oasis-open.org/committees/xacml/repository/oasis-xamcl-1.0.pdf
McCune. Computational Grids in Action: The National Fusion Collaboratory. Future Generation Computer Systems, 2001. http://www.fusiongrid.org
Gianoli, Spataro. An Authorization System for Virtual Organizations. Presented at the 1st