The authors look at the problem of delegation of rights or proxy in distributed object systems. Two signature-based schemes for achieving delegation which require different inter-object trust assumptions are presented. These schemes have been instantiated using public key and secret key based cryptographic techniques. Additional trust implications which arise from these implementations are also considered. Then the authors consider the issue of revocation of delegations and propose several ways of achieving this. These solutions have been compared with the mechanism found in the Distributed System Security Architecture (M. Gasser et al., 1990). Finally, the authors consider the Kerberos authentication system (J. Steiner et al., 1988) and propose extensions to implement the delegation scheme.<<ETX>>
[1]
Morrie Gasser,et al.
An architecture for practical delegation in a distributed system
,
1990,
Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.
[2]
Gustavus J. Simmons,et al.
Symmetric and Asymmetric Encryption
,
1979,
CSUR.
[3]
Jeffrey I. Schiller,et al.
An Authentication Service for Open Network Systems. In
,
1998
.
[4]
Paul A. Karger.
Authentication and discretionary access control in computer networks
,
1986,
Comput. Secur..
[5]
Karen R. Sollins,et al.
Cascaded authentication
,
1988,
Proceedings. 1988 IEEE Symposium on Security and Privacy.