A Classification of Delegation Schemes for Attribute Authority

Seitz, Ludwig and Rissanen, Erik and Sadighi, Babak (2007) A Classification of Delegation Schemes for Attribute Authority. In: Formal Aspects in Security and Trust. Lecture Notes in Computer Science; 4691 . Springer, pp. 158-169.

Full text not available from this repository.


Recently assertions have been explored as a generalisation of certificates within access control. Assertions are used to link arbitrary attributes (e.g. roles, security clearances) to arbitrary entities (e.g. users, resources). These attributes can then be used as identifiers in access control policies to refer to groups of users or resources. In many applications attribute management does not happen within the access control system. External entities manage attribute assignments and issue assertions that are then used in the access control system. Some approaches also allow for the delegation of attribute authority, in order to spread the administrative workload. In such systems the consumers of attribute assertions issued by a delegated authority need a delegation verification scheme. In this article we propose a classification for schemes that allow to verify delegated authority, with a focus on attribute assertion. Using our classification, one can deduce some advantages and drawbacks of different approaches to delegated attribute assertion. This work was carried out during the tenure of an ERCIM “Alain Bensoussan” Fellowship Programme.

Item Type:Book Section
Additional Information:Also appeared in The fourth international Workshop on Formal Aspects in Security and Trust (FAST2006), 26-27 August 2006, Hamilton, Ontario, Canada.
ID Code:317
Deposited By:Vicki Carleson
Deposited On:04 Apr 2008
Last Modified:18 Nov 2009 15:56

Repository Staff Only: item control page