Role-Based Access Control (RBAC) and Access Control Lists (ACLs) are the most commonly adopted access control mechanisms in traditional centralized computing environments. Nowadays people frequently work in highly dynamic and distributed computing environments, in which two or more heterogeneous systems do not share the same security domain. Traditional access control mechanisms that require pre-registration become obsolete there. Distributed access control based on electronic credentials turns out to be the best solution to this situation. We adopt three kinds of certificates in the solution: attribute certificates, capability certificates and delegation certificates. A language is required to delineate a unified certificate format and to enable administrators to define trust relationships between e-strangers. We present a policy language, the Z-Trust Language, to this end. With the Language, administrators can finely manage the privileges assigned to individual users. A Java program has also been developed as the compliance checker.
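The abstract names the three credential types and a compliance checker but gives no syntax for the Z-Trust Language, so the following is an added illustration, not the paper's language or its Java checker. It models the decision a credential-based checker makes: every presented certificate must verify against a known issuer key, a request may be granted by an attribute certificate from an administrator-trusted issuer, or by a capability certificate minted by the resource owner and passed down a chain of delegation certificates whose length the administrator caps. All issuer names, keys, resources and policy entries are constructed for the example, and HMAC stands in for the public-key signatures a real deployment would use.

```python
import hmac
import hashlib
import json
from dataclasses import dataclass

# Constructed issuer keys (hypothetical). HMAC is a stand-in for public-key
# signatures so the example runs with the standard library alone.
ISSUER_KEYS = {
    "hospital-ca": b"k-hospital-ca",
    "records-owner": b"k-records-owner",
    "dr-alice": b"k-dr-alice",
    "nurse-bob": b"k-nurse-bob",
    "intern-carol": b"k-intern-carol",
}


@dataclass(frozen=True)
class Cert:
    kind: str        # "attribute" | "capability" | "delegation"
    issuer: str
    subject: str
    body: dict       # attribute: {"attr"}; capability/delegation: {"resource", "action", "depth"}
    sig: str = ""

    def payload(self) -> bytes:
        # Canonical encoding so issuer and verifier hash the same bytes.
        return json.dumps([self.kind, self.issuer, self.subject, self.body], sort_keys=True).encode()


def issue(kind: str, issuer: str, subject: str, body: dict) -> Cert:
    unsigned = Cert(kind, issuer, subject, body)
    sig = hmac.new(ISSUER_KEYS[issuer], unsigned.payload(), hashlib.sha256).hexdigest()
    return Cert(kind, issuer, subject, body, sig)


def verify(cert: Cert) -> bool:
    """Reject certificates from unknown issuers or with a bad signature."""
    key = ISSUER_KEYS.get(cert.issuer)
    if key is None:
        return False
    expected = hmac.new(key, cert.payload(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert.sig)


class ComplianceChecker:
    """Grants a request from the bag of certificates the requester presents."""

    def __init__(self, trusted_attr_issuers, resource_owners, attr_policy, max_delegation_depth=2):
        self.trusted_attr_issuers = set(trusted_attr_issuers)   # issuers allowed to vouch for attributes
        self.resource_owners = dict(resource_owners)             # resource -> issuer allowed to mint capabilities
        self.attr_policy = dict(attr_policy)                     # (resource, action) -> attribute that suffices
        self.max_depth = max_delegation_depth                    # administrator's cap on delegation hops

    def decide(self, requester, resource, action, certs) -> bool:
        valid = [c for c in certs if verify(c)]  # forged or unknown-issuer certs are simply ignored
        return (self._by_attribute(requester, resource, action, valid)
                or self._by_capability(requester, resource, action, valid))

    def _by_attribute(self, requester, resource, action, certs) -> bool:
        needed = self.attr_policy.get((resource, action))
        if needed is None:
            return False
        return any(c.kind == "attribute" and c.subject == requester
                   and c.issuer in self.trusted_attr_issuers
                   and c.body.get("attr") == needed for c in certs)

    def _by_capability(self, requester, resource, action, certs) -> bool:
        owner = self.resource_owners.get(resource)
        if owner is None:
            return False

        def matches(c):
            return c.body.get("resource") == resource and c.body.get("action") == action

        # Chain roots: capabilities minted by the owner, depth capped by the administrator.
        frontier = [(c.subject, min(c.body.get("depth", 0), self.max_depth))
                    for c in certs if c.kind == "capability" and c.issuer == owner and matches(c)]
        seen = set()
        while frontier:
            holder, depth = frontier.pop()
            if holder == requester:
                return True
            if depth <= 0 or (holder, depth) in seen:   # holder may not delegate further
                continue
            seen.add((holder, depth))
            for c in certs:
                if c.kind == "delegation" and c.issuer == holder and matches(c):
                    # A delegate never gets more hops than the delegator has left.
                    frontier.append((c.subject, min(depth - 1, c.body.get("depth", 0))))
        return False


def demo():
    R = "patient-record/42"   # constructed resource name
    certs = [
        issue("attribute", "hospital-ca", "dr-alice", {"attr": "attending-physician"}),
        issue("capability", "records-owner", "dr-alice", {"resource": R, "action": "read", "depth": 2}),
        issue("delegation", "dr-alice", "nurse-bob", {"resource": R, "action": "read", "depth": 1}),
        issue("delegation", "nurse-bob", "intern-carol", {"resource": R, "action": "read", "depth": 0}),
    ]
    forged = Cert("attribute", "hospital-ca", "intern-carol", {"attr": "attending-physician"}, sig="00")
    strict = ComplianceChecker({"hospital-ca"}, {R: "records-owner"},
                               {(R, "read"): "attending-physician"}, max_delegation_depth=1)
    lenient = ComplianceChecker({"hospital-ca"}, {R: "records-owner"},
                                {(R, "read"): "attending-physician"}, max_delegation_depth=2)
    return {
        "alice_read": strict.decide("dr-alice", R, "read", certs),            # attribute path
        "bob_read": strict.decide("nurse-bob", R, "read", certs),             # one delegation hop
        "carol_read_depth1": strict.decide("intern-carol", R, "read", certs),  # second hop exceeds cap
        "carol_read_depth2": lenient.decide("intern-carol", R, "read", certs),
        "carol_forged": strict.decide("intern-carol", R, "read", certs + [forged]),
        "alice_write": strict.decide("dr-alice", R, "write", certs),          # no matching credential
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

The two checkers differ only in `max_delegation_depth`, which is the administrator-side control the abstract refers to: the same certificate chain admits the intern under one policy and is refused under the other, without reissuing any credential. Signature failure is handled by dropping the certificate before evaluation rather than by returning an error, so a forged credential cannot influence the outcome in either direction.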