支持分布式访问控制策略的框架

10th IEEE Symposium on Computers and Communications (ISCC'05) Pub Date : 2005-06-27 DOI:10.1109/ISCC.2005.10

Wei Zhou, C. Meinel, V. Raja

{"title":"支持分布式访问控制策略的框架","authors":"Wei Zhou, C. Meinel, V. Raja","doi":"10.1109/ISCC.2005.10","DOIUrl":null,"url":null,"abstract":"In this paper we describe a mechanism for managing authorisation policies in distributed environments. This mechanism is based on public key infrastructure (PKI) and privilege management infrastructure (PMI). In our approach each domain comprises a root policy and some subordinate authorisation policies. The root policy specifies how to use the subordinate policies. The subordinate policies describe the access control rules that are used for making access control decisions. The subordinate policies can be defined and managed independently and dynamically loaded into the access control system at runtime. All these policies are stored in X.509 attribute certificates (ACs), thus guaranteeing their integrity. The AC that holds root policy is co-located with access control system; the ACs that holds subordinate policies can be distributed. In the root policy we use policy schemes, policy sub-schemes and policy hierarchies to manage the subordinate policies; because they make the policy management flexible and easy.","PeriodicalId":315855,"journal":{"name":"10th IEEE Symposium on Computers and Communications (ISCC'05)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"A framework for supporting distributed access control policies\",\"authors\":\"Wei Zhou, C. Meinel, V. Raja\",\"doi\":\"10.1109/ISCC.2005.10\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper we describe a mechanism for managing authorisation policies in distributed environments. This mechanism is based on public key infrastructure (PKI) and privilege management infrastructure (PMI). In our approach each domain comprises a root policy and some subordinate authorisation policies. The root policy specifies how to use the subordinate policies. The subordinate policies describe the access control rules that are used for making access control decisions. The subordinate policies can be defined and managed independently and dynamically loaded into the access control system at runtime. All these policies are stored in X.509 attribute certificates (ACs), thus guaranteeing their integrity. The AC that holds root policy is co-located with access control system; the ACs that holds subordinate policies can be distributed. In the root policy we use policy schemes, policy sub-schemes and policy hierarchies to manage the subordinate policies; because they make the policy management flexible and easy.\",\"PeriodicalId\":315855,\"journal\":{\"name\":\"10th IEEE Symposium on Computers and Communications (ISCC'05)\",\"volume\":\"41 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-06-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"10th IEEE Symposium on Computers and Communications (ISCC'05)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISCC.2005.10\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"10th IEEE Symposium on Computers and Communications (ISCC'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCC.2005.10","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

在本文中，我们描述了一种在分布式环境中管理授权策略的机制。该机制基于公钥基础设施(PKI)和特权管理基础设施(PMI)。在我们的方法中，每个域包含一个根策略和一些从属授权策略。根策略指定如何使用下级策略。下级策略描述用于做出访问控制决策的访问控制规则。下级策略可以独立定义和管理，并在运行时动态加载到访问控制系统中。所有这些策略都存储在X.509属性证书(ac)中，从而保证了它们的完整性。持有根策略的AC与访问控制系统位于同一位置;拥有从属策略的ac可以被分发。在根策略中，我们使用策略方案、策略子方案和策略层次来管理下级策略;因为它们使策略管理变得灵活和容易。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

A framework for supporting distributed access control policies

In this paper we describe a mechanism for managing authorisation policies in distributed environments. This mechanism is based on public key infrastructure (PKI) and privilege management infrastructure (PMI). In our approach each domain comprises a root policy and some subordinate authorisation policies. The root policy specifies how to use the subordinate policies. The subordinate policies describe the access control rules that are used for making access control decisions. The subordinate policies can be defined and managed independently and dynamically loaded into the access control system at runtime. All these policies are stored in X.509 attribute certificates (ACs), thus guaranteeing their integrity. The AC that holds root policy is co-located with access control system; the ACs that holds subordinate policies can be distributed. In the root policy we use policy schemes, policy sub-schemes and policy hierarchies to manage the subordinate policies; because they make the policy management flexible and easy.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

10th IEEE Symposium on Computers and Communications (ISCC'05)

自引率

0.00%

发文量

期刊最新文献

Message from the Technical Program Chairs Modular reference implementation of an IP-DSLAM Towards flexible authorization management An energy-aware medium-access-control protocol with frequent sleeps for wireless sensor networks A QoS approach to hybrid TDMA with heuristic traffic shaping for time critical application environments