Chadwick, David W. and Otenko, A. (2003) The PERMIS X.509 Role Based Privilege Management Infrastructure. Future Generation Computer Systems, 19 (2). pp. 277-289. ISSN 0167-739X .
|The full text of this publication is not available from this repository. (Contact us about this Publication)|
This paper describes the EC PERMIS project, which has developed a role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users roles. All access control decisions are driven by an authorization policy, which is itself stored in an X.509 AC, thus guaranteeing its integrity. All the ACs can be stored in one or more LDAP directories, thus making them widely available. Authorization policies are written in XML according to a DTD that has been published at XML.org. The Access Control Decision Function (ADF) is written in Java and the Java API is simple to use, comprising of just 3 methods and a constructor. There is also a Privilege Allocator, which is a tool that constructs and signs ACs and stores them in an LDAP directory for subsequent use by the ADF.
|Subjects:||Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,|
|Divisions:||Faculties > Science Technology and Medical Studies > School of Computing > Security Group|
|Depositing User:||Mark Wheadon|
|Date Deposited:||24 Nov 2008 18:01|
|Last Modified:||21 May 2011 23:55|
|Resource URI:||http://kar.kent.ac.uk/id/eprint/14008 (The current URI for this page, for reference purposes)|
- Depositors only (login required):