publication . Conference object . Article . 2002

The PERMIS X.509 role based privilege management infrastructure

David Chadwick; Otenko, A.
Open Access
  • Published: 01 Jun 2002
  • Publisher: ACM Press
  • Country: United Kingdom
Abstract
This paper describes the output of the PERMIS project, which has developed a role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users' roles. All access control decisions are driven by an authorization policy, which is itself stored in an X.509 attribute certificate, thus guaranteeing its integrity. All the ACs can be stored in one or more LDAP directories, thus making them widely available. Authorization policies are written in XML according to a DTD that has been published at XML.org. The Access Control Decision Function (ADF) is written in Java and the Java API is simple to use, comprising just 3 methods and ...
Subjects
free text keywords: QA76

