Distributed proof systems for cross-domain authorization


Kazuhiro Minami and David Kotz. Distributed proof systems for cross-domain authorization. Information Assurance, Security and Privacy Services, chapter 1. Edited by H. Raghav Rao and Shambhu Upadhyaya. Volume 4 in Handbooks in Information Systems, Emerald Group Publishing Limited, 2009. ISBN13: 9781848551947. ©Copyright Emerald Group Publishing Limited.


The ability to access information resources across organizational boundaries is vital for today’s corporate, military, and educational organizations, which must be able to quickly pool their resources to respond to opportunities and threats. Since each organization protects its resources with its local authorization policies, we need mechanisms for cross-domain authorization to achieve information sharing among multiple organizations. Unfortunately, traditional identity-based authorization approaches are impractical, because the identity of a requester is not a useful clue for authorization in a decentralized environment. Many distributed authorization schemes, therefore, consider a requester’s properties (e.g., employer and physical location) to make an authorization decision and use a logic-based approach to specify authorization policies in a flexible way. Such a distributed proof system makes an authorization decision by constructing a proof with information provided by different entities in a distributed environment. In this chapter, we provide an overview of distributed proof systems for cross-domain authorization, covering major language constructs and proof-constructing algorithms. We also introduce the emerging issue of protecting confidential policies and credentials (facts) in a distributed proof system that involves multiple security domains, since a principal in one security domain is unlikely to be willing to release all its local information to any principal in other domains. Finally, we describe our distributed proof system for cross-domain authorization in detail and show how our cryptographic protocol allows mutually untrusted principals to construct a proof in a decentralized way while preserving each principal’s security policies.

Projects: [solar]

Keywords: [context-aware] [security]

Please obtain a copy from the publisher.
