The PERMIS X.509 Role Based Privilege Management Infrastructure

Chadwick, David W. and Otenko, A. (2002) The PERMIS X.509 Role Based Privilege Management Infrastructure. In: Proc 7th ACM Symposium On Access Control Models And Technologies (SACMAT 2002), Monterey, USA, June 2002, California, USA. (Full text available)

PDF
Download (47kB)
[img]
Preview

Abstract

This paper describes the output of the PERMIS project, which has developed a role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users roles. All access control decisions are driven by an authorization policy, which is itself stored in an X.509 attribute certificate, thus guaranteeing its integrity. All the ACs can be stored in one or more LDAP directories, thus making them widely available. Authorization policies are written in XML according to a DTD that has been published at XML.org. The Access Control Decision Function (ADF) is written in Java and the Java API is simple to use, comprising of just 3 methods and a constructor. There is also a Privilege Allocator, which is a tool that constructs and signs attribute certificates and stores them in an LDAP directory for subsequent use by the ADF.

Item Type: Conference or workshop item (Paper)
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Faculties > Science Technology and Medical Studies > School of Computing > Security Group
Depositing User: Mark Wheadon
Date Deposited: 24 Nov 2008 18:00
Last Modified: 06 Sep 2011 01:16
Resource URI: http://kar.kent.ac.uk/id/eprint/13778 (The current URI for this page, for reference purposes)
  • Depositors only (login required):

Downloads

Downloads per month over past year