Using trust and risk in role-based access control policies

10 years 5 months ago
Using trust and risk in role-based access control policies
Emerging trust and risk management systems provide a framework for principals to determine whether they will exchange resources, without requiring a complete definition of their credentials and intentions. Most distributed access control architectures have far more rigid policy rules, yet in many respects aim to solve a similar problem. This paper elucidates the similarities between trust management and distributed access control systems by demonstrating how the OASIS access control system and its rˆole-based policy language can be extended to make decisions on the basis of trust and risk analyses rather than on the basis of credentials alone. We apply our new model to the prototypical example of a file storage and publication service for the Grid, and test it using our Prologbased OASIS implementation. Categories and Subject Descriptors C.2.4 [Computer-Communication Networks]: Distributed Systems; D.4.6 [Operating Systems]: Security and Protection—access controls General Terms S...
Nathan Dimmock, András Belokosztolszki, Dav
Added 30 Jun 2010
Updated 30 Jun 2010
Type Conference
Year 2004
Authors Nathan Dimmock, András Belokosztolszki, David M. Eyers, Jean Bacon, Ken Moody
Comments (0)