Sciweavers

ACSW
2006

A method for access authorisation through delegation networks

14 years 25 days ago
A method for access authorisation through delegation networks
Owners of systems and resources usually want to control who can access them. This must be based on having a process for authorising certain parties, combined with mechanisms for enforcing that only authorised parties are actually able to access those systems and resources. In distributed systems, the authorisation process can include negative authorisation (e.g. black listing), and delegation of authorisation rights, which potentially can lead to conflicts. This paper describes a method for giving authorisations through a delegation network, and where each delegation and authorisation is expressed in the form of a belief measure. An entity's total authorisation for a given resource object and access type can be derived by analysing the delegation network using subjective logic. Access decisions are made by comparing the derived authorisation measure with required threshold levels, which makes authorisations non-categorical. By setting the threshold level higher than the assigned ...
Audun Jøsang, Dieter Gollmann, Richard Au
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2006
Where ACSW
Authors Audun Jøsang, Dieter Gollmann, Richard Au
Comments (0)