Institutional Repository
| attribute-based authorization delegation model in multi-domain environments | |
| Wu Bin; Feng Deng-Guo | |
| 2011 | |
| Source | Ruan Jian Xue Bao/Journal of Software
 |
| ISSN | 10009825 |
| Volume | 22Issue:7Pages:1661-1675 |
| English Abstract | Traditional identifier-based authorization models are limited to having different authorization paths that will cause the inconsistency in propagation of permission. In addition, unauthorized entities may acquire illegal permission by such an identifier-based authorization path. In order to solve these two problems, an attribute-based authorization delegation model (ABADM), suitable for multi-domain environments is presented. In the ABADM model, the delegation of authority and the propagation of permission are all based on the attribute sets of entities, which ensure that the entities on the same credential chain have the same permission. The model integrates attribute-permission assignation policies inside autonomic domains and the interdomain attributes mapping model. The algorithm for calculating the attribute sets and permissions of entities in the multi-domain environments is proposed. The usage of the ABADM model is illustrated through a common example. © Copyright 2011, Institute of Software, the Chinese Academy of Sciences. |
| Abstract | 传统的基于实体标识的授权模型会导致由于授权路径的不一致而引起权限传播的不一致,并可能导致不合法的实体进入授权路径获得不应有的权限.针对以上两方面的问题,提出一个基于属性的授权委托模型ABADM(attribute-based authorization delegation model),将授权模型中权限的传递与权力的委托均建立在实体所具有的属性集合的基础之上,以属性集合作为实体自身的代表进行授权,从而确保拥有相同属性凭证链的实体其权限是一致的.模型将属性与访问权限进行明确区分,提出了域内属性权限分配策略和域间属性计算模型,通过两者的结合给出了在ABADM模型中计算实体所拥有的跨域属性集合和访问权限的方法,并结合具体实例对模型的使用进行了说明. |
| Keyword | 跨域授权 基于属性的委托 权限传播 信任管理 |
| Department | (1) State Key Laboratory of Information Security, Graduate University, The Chinese Academy of Sciences, Beijing 100049, China; (2) State Key Laboratory of Information Security, Institute of Software, The Chinese Academy of Sciences, Beijing 100190, China; (3) National Engineering and Research Centre of Information Security, Beijing 100190, China |
| Language | 中文 |
| Content Type | 期刊论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/14061 |
| Collection | 信息安全国家重点实验室 |
| Recommended Citation GB/T 7714 | Wu Bin,Feng Deng-Guo. attribute-based authorization delegation model in multi-domain environments[J]. Ruan Jian Xue Bao/Journal of Software,2011,22(7):1661-1675. |
| APA | Wu Bin,&Feng Deng-Guo.(2011).attribute-based authorization delegation model in multi-domain environments.Ruan Jian Xue Bao/Journal of Software,22(7),1661-1675. |
| MLA | Wu Bin,et al."attribute-based authorization delegation model in multi-domain environments".Ruan Jian Xue Bao/Journal of Software 22.7(2011):1661-1675. |
| Files in This Item: | ||||||
| File Name/Size | DocType | Version | Access | License | ||
| attribute-based auth(298KB) | 开放获取 | -- | Application Full Text | |||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment