Sciweavers

JCS
2007

Risk management for distributed authorization

14 years 10 days ago
Risk management for distributed authorization
Distributed authorization takes into account several elements, including certificates that may be provided by non-local actors. While most trust management systems treat all assertions as equally valid up to certificate authentication, realistic considerations may associate risk with some of these elements, for example some actors may be less trusted than others. Furthermore, practical online authorization may require certain levels of risk to be tolerated. In this paper, we introduce a trust management logic based on the system RT that incorporates formal risk assessment. This formalization allows risk levels to be associated with authorization, and authorization risk thresholds to be precisely specified and enforced. We also develop an algorithm for automatic authorization in a distributed environment, that is directed by risk considerations. A variety of practical applications are discussed.
Christian Skalka, Xiaoyang Sean Wang, Peter C. Cha
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2007
Where JCS
Authors Christian Skalka, Xiaoyang Sean Wang, Peter C. Chapin
Comments (0)