Receipt-mode trust negotiation: efficient authorization through outsourced interactions
Authors: A. Adams, Adam J. Lee, D. Mossé
DOI: https://doi.org/10.1145/1966913.1966973
Publication date: 2011-03-22
Journal: Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...
Citation count: 6
Platform: Semanticscholar
In trust negotiation approaches to authorization, previously unacquainted entities establish trust in one another gradually via the bilateral and iterative exchange of policies and digital credentials. Although this affords resource providers with an expressive means of access control for open systems, the trust negotiation process incurs non-trivial computational and communications costs. In this paper, we propose Receipt-Mode Trust Negotiation (RMTN) as a means of mitigating the performance penalties on servers that use trust negotiation. RMTN provides a means of off-loading the majority of the trust negotiation process to delegated receipt-generating helper servers. RMTN ensures that helpers produce correct trust negotiation protocol receipts, and that the helpers are incapable of impersonating the resource server outside of the RMTN protocol. We describe an initial implementation of our RMTN protocol on a Linux testbed, discuss the security of this protocol, and present experimental results indicating that the receipt-mode protocol does indeed enhance the performance of resource servers that rely on trust negotiation approaches to authorization.