Kirstein, P;
(1997)
Authorization with Security Attributes and Privilege Delegation - Access Control beyond the ACL.
Computer Communications
, 20
(5)
pp. 376-384.
10.1016/S0140-3664(97)00027-3.
Preview |
Text
150.pdf - Accepted Version Download (10MB) | Preview |
Abstract
This paper focuses on authorization in distributed environments; the typical authorization scheme employs access control lists, however, the scheme has problems when it is applied to a large-scale network. We introduce a new authorization scheme, compare it with the old scheme, and present an implementation of an information server which adopts the new scheme. As a part of authorization, delegation of privileges is important, however, current delegation mechanisms have problems when the delegation crosses a boundary of security domains. We propose a solution which refers to security information of other security domains through a directory service.
| Type: | Article |
|---|---|
| Title: | Authorization with Security Attributes and Privilege Delegation - Access Control beyond the ACL |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1016/S0140-3664(97)00027-3 |
| Publisher version: | https://doi.org/10.1016/S0140-3664(97)00027-3 |
| Language: | English |
| Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
| Keywords: | Authorization, Privilege, Delegation, Privilege attribute certificate, Access control decision function |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/10077644 |
Archive Staff Only
 |
View Item |
