SODA

Constrained delegation

Bandmann, Olav and Dam, Mads and Sadighi, Babak (2002) Constrained delegation. In: Proceedings of IEEE Symposium on Security and Privacy, 12-15 May 2002, Berkeley, California, USA.

[img]
Preview
PDF
122Kb
[img]
Preview
Postscript
160Kb

Abstract

Sometimes it is useful to be able to separate between the management of a set of resources, and the access to the resources themselves. Current accounts of delegation do not allow such distinctions to be easily made, however. We introduce a new model for delegation to address this issue. The approach is based on the idea of controlling the possible shapes of delegation chains. We use constraints to restrict the capabilities at each step of delegation. Constraints may reflect e.g. group memberships, timing constraints, or dependencies on external data. Regular expressions are used to describe chained constraints. We present a number of example delegation structures, based on a scenario of collaborating organisations.

Item Type:Conference or Workshop Item (Paper)
ID Code:2927
Deposited By:INVALID USER
Deposited On:11 Jul 2008
Last Modified:18 Nov 2009 16:16

Repository Staff Only: item control page