Delegation in distributed systems: challenges and open issues

New DAC and RBAC certificate-oriented access control systems are based on delegation of privileges. In this paper, we present a survey of different issues related to certificate-based delegation, such as management structures, authority and ownership, anonymity, certificate distribution, and revocation.
