Kirstein, P;
(1997)
Authorization with Security Attributes and Privilege Delegation - Access Control beyond the ACL.
Computer Communications
, 20
(5)
pp. 376-384.
10.1016/S0140-3664(97)00027-3.
Preview |
Text
150.pdf - Accepted Version Download (10MB) | Preview |
Abstract
This paper focuses on authorization in distributed environments; the typical authorization scheme employs access control lists, however, the scheme has problems when it is applied to a large-scale network. We introduce a new authorization scheme, compare it with the old scheme, and present an implementation of an information server which adopts the new scheme. As a part of authorization, delegation of privileges is important, however, current delegation mechanisms have problems when the delegation crosses a boundary of security domains. We propose a solution which refers to security information of other security domains through a directory service.
Type: | Article |
---|---|
Title: | Authorization with Security Attributes and Privilege Delegation - Access Control beyond the ACL |
Open access status: | An open access version is available from UCL Discovery |
DOI: | 10.1016/S0140-3664(97)00027-3 |
Publisher version: | https://doi.org/10.1016/S0140-3664(97)00027-3 |
Language: | English |
Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
Keywords: | Authorization, Privilege, Delegation, Privilege attribute certificate, Access control decision function |
UCL classification: | UCL UCL > Provost and Vice Provost Offices UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/10077644 |
Archive Staff Only
View Item |