Abstract | ||
---|---|---|
The Internet enables connectivity between many strangers - entities that do not know each other. We present the Trust Policy Language (TPL), used to define the mapping of strangers to predefined business roles, based on certificates issued by third parties. TPL is expressive enough to allow complex policies, e.g. non-monotone (negative) certificates, while being simple enough to allow automated policy checking and processing. Issuers of certificates either are known in advance, or provide sufficient certificates to be considered a trusted authority according to the policy. This allows bottom-up, 驴grass roots驴 buildup of trust, as in the real world.We extend, rather than replace, existing role-based access control mechanisms. This provides a simple, modular architecture and easy migration from existing systems.Our system automatically collects missing certificates from peer servers. In particular, this allows use of standard browsers, which pass only one certificate to the server. We describe our implementation, which can be used as an extension of a web server or as a separate server with interface to applications. |
Year | DOI | Venue |
---|---|---|
2000 | 10.1109/SECPRI.2000.848442 | IEEE Symposium on Security and Privacy |
Keywords | Field | DocType |
x.509.,complex policy,public key certificates,assigning roles,separate server,web server,access control meets public,trust management,automated policy checking,missing certificate,key infrastructure,grass root,modular architecture,logic programming,role based access control,authentication,predefined business role,easy migration,key management,trust policy language,internet,message authentication,electronic commerce,certification,file servers,x 509,public key certificate,public key,authorisation,public key infrastructure,bottom up,business,public key cryptography,access control | Public key infrastructure,Key management,World Wide Web,Internet privacy,Computer security,Computer science,Server,Certificate authority,Role-based access control,Access control,Certificate,Web server | Conference |
ISSN | ISBN | Citations |
1081-6011 | 0-7695-0665-8 | 195 |
PageRank | References | Authors |
27.95 | 6 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Amir Herzberg | 1 | 2877 | 353.46 |
Yosi Mass | 2 | 574 | 60.91 |
Joris Michaeli | 3 | 195 | 27.95 |
Yiftach Ravid | 4 | 318 | 62.48 |
Dalit Naor | 5 | 1084 | 105.18 |