论文信息 - Proxy-based authorization and accounting for distributed systems

Proxy-based authorization and accounting for distributed systems

A unified model is presented for authentication, authorization, and accounting that is based on proxies. It is shown that the proxy model for authorization can be used to support a wide range of authorization and accounting mechanisms. The proxy model strikes a balance between access-control-list anti capability-based mechanisms, allowing each to be used where appropriate and allowing their use in combination. The author describes how restricted proxies can be supported using existing authentication methods.<<ETX>>

B. Clifford Neuman | B. C. Neuman

[1] Paul A. Karger. Authentication and discretionary access control in computer networks , 1986, Comput. Secur..

[2] Morrie Gasser,et al. An architecture for practical delegation in a distributed system , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[3] Morrie Gasser,et al. The Digital Distributed System Security Architecture , 1989 .

[4] Jerome H. Saltzer,et al. Section E.2.1 Kerberos Authentication and Authorization System , 1988 .

[5] Jeffrey I. Schiller,et al. An Authentication Service for Open Network Systems. In , 1998 .

[6] Andrew S. Tanenbaum,et al. The Design of a Capability-Based Distributed Operating System , 1986, Comput. J..

[7] Joseph N. Pato,et al. Extending the OSF DCE Authorization System to Support Practical Delegation , 1993 .

[8] Karen R. Sollins,et al. Cascaded authentication , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[9] Roger M. Needham,et al. Grapevine: an exercise in distributed computing , 1982, CACM.