Bandmann, Olav and Dam, Mads and Sadighi, Babak (2002) Constrained delegation. In: Proceedings of IEEE Symposium on Security and Privacy, 12-15 May 2002, Berkeley, California, USA.
Sometimes it is useful to be able to separate between the management of a set of resources, and the access to the resources themselves. Current accounts of delegation do not allow such distinctions to be easily made, however. We introduce a new model for delegation to address this issue. The approach is based on the idea of controlling the possible shapes of delegation chains. We use constraints to restrict the capabilities at each step of delegation. Constraints may reflect e.g. group memberships, timing constraints, or dependencies on external data. Regular expressions are used to describe chained constraints. We present a number of example delegation structures, based on a scenario of collaborating organisations.
|Item Type:||Conference or Workshop Item (Paper)|
|Deposited By:||INVALID USER|
|Deposited On:||11 Jul 2008|
|Last Modified:||18 Nov 2009 16:16|
Repository Staff Only: item control page