Chadwick, David W and Otenko, Sassa and Nguyen, Tuan Anh (2009) Adding Support to XACML for Multi-Domain User to User Dynamic Delegation of Authority. International Journal of Information Security, 8 (2). pp. 182-196.
|PDF - Accepted Version|
Abstract. We describe adding support for dynamic delegation of authority between users in multiple administrative domains, to the XACML model for authorisation decision making. Delegation of authority is enacted via the issuing of credentials from one user to another, and follows the role based access control model. We present the problems and requirements that such a delegation model demands, the policy elements that are necessary to control the delegation chains and a description of the architected solution. We propose a new conceptual entity called the Credential Validation Service (CVS) to work alongside the XACML PDP. We describe our implementation of the CVS and present performance measurements for validating delegated chains of credentials.
|Uncontrolled keywords:||determinacy analysis, Craig interpolants|
|Subjects:||Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,|
|Divisions:||Faculties > Science Technology and Medical Studies > School of Computing > Security Group|
|Depositing User:||David Chadwick|
|Date Deposited:||21 Sep 2012 09:49|
|Last Modified:||25 Oct 2012 15:14|
|Resource URI:||http://kar.kent.ac.uk/id/eprint/30605 (The current URI for this page, for reference purposes)|
- Depositors only (login required):