Online Version - Last Updated - 20 Jan 2012 |
 |
| Home |
| |
| Procedures and Resources for Authors |
|
| Information and Resources for Volume Editors |
| |
| Orders and Subscriptions |
| |
| Published Articles |
|
| Upcoming Volumes |
| |
| Contact Us |
| |
| Useful External Links |
| |
| CRPIT Site Search |
A Method for Access Authorisation Through Delegation Networks
Josang, A., Gollmann, D. and Au, R.
Owners of systems and resources usually want to control who can access them. This must be based on having a process for authorising certain parties, combined with mechanisms for enforcing that only authorised parties are actually able to access those systems and resources. In distributed systems, the authorisation process can include negative authorisation (e.g. black listing), and delegation of authorisation rights, which potentially can lead to conflicts. This paper describes a method for giving authorisations through a delegation network, and where each delegation and authorisation is expressed in the form of a belief measure. An entity's total authorisation for a given resource object and access type can be derived by analysing the delegation network using subjective logic. Access decisions are made by comparing the derived authorisation measure with required threshold levels, which makes authorisations non-categorical. By setting the threshold level higher than the assigned measure of a single authorisation, it is possible to require multiple authorisations for accessing specific resources. The model is simple, intuitive and algebraic.
Cite as: Josang, A., Gollmann, D. and Au, R. (2006). A Method for Access Authorisation Through Delegation Networks. In Proc. Fourth Australasian Information Security Workshop (Network Security) (AISW 2006), Hobart, Australia. CRPIT, 54. Safavi-Naini, R., Steketee, C. and Susilo, W., Eds. ACS. 165-174.
(from crpit.com)
(local if available)
