Abstract | ||
---|---|---|
We have implemented and deployed an access control mechanism that uses digitally-signed certificates to define and enforce an access policy for a set of distributed resources that have multiple, independent and geographically dispersed stakeholders. The stakeholders assert their access requirements in use-condition certificates and designate those trusted to attest to the corresponding user attributes. Users are identified by X.509 identity certificates. During a request to use a resource, a policy engine collects all the relevant certificates and decides if the user satisfies all the requirements. This paper describes the model, architecture and implementation of this system. It also includes some preliminary performance measurements and our plans for future development of the system. |
Year | Venue | Keywords |
---|---|---|
1999 | USENIX Security | digitally-signed certificate,identity certificate,policy engine,certificate-based access control,access policy,access requirement,future development,corresponding user attribute,preliminary performance measurement,access control mechanism,relevant certificate,satisfiability,distributed computing environment,access control |
Field | DocType | Citations |
Architecture,Computer science,Computer security,Access control,Database,Certificate | Conference | 131 |
PageRank | References | Authors |
21.22 | 7 | 6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Mary R. Thompson | 1 | 489 | 66.47 |
William Johnston | 2 | 131 | 21.22 |
Srilekha Mudumbai | 3 | 315 | 43.88 |
Gary Hoo | 4 | 179 | 31.29 |
Keith Jackson | 5 | 131 | 21.22 |
Abdelilah Essiari | 6 | 355 | 36.08 |