A Distributed Credential Management System for SPKI-Based Delegation Scenarios
In Proceedings of the 1st Annual PKI Research Workshop, 2002
Cited by 6 (2 self)
Traditionally, certificates have been used to link a public key to a particular name identifying that key. However, public key certificates are digitally-signed statements which can be used in order to assert many other types of information. SPKI has become one of the most outstanding proposals referring to authorization, and several applications have been based on SPKI certificates in order to provide authorization services to well-known scenarios in distributed systems. Most of these scenarios are based on delegation, where resource guards have an ACL with few entries granting keys belonging to some authorization or naming authorities the right to delegate all access to the controlled resources. These authorities can issue certificates delegating these permissions to other subordinate authorities, or to specific users. In this way, the structure generated reflects the system management process. However, generation of these certificates is usually system-dependent. In this paper, we present a management system that can be used in all SPKI scenarios based on delegation. This system addresses some problems related to scalability, certificate distribution, and interoperability. We define how certification requests can be expressed, how different security policies can be enforced using this system, which are the entities involved in a certification scenario, and we propose a mechanism able to exchange authorization-related information among these entities.
Supporting heterogeneous middleware security policies in webcom
Journal of High Speed Networks
Cited by 1 (1 self)
With the growing interest in service-oriented architectures, achieving seamless interoperability between heterogeneous middleware technologies has become increasingly important. While much work investigating functional interoperability between different middleware architectures has been reported, little practical work has been done on providing a unified and/or interoperable view of security between the different approaches. In this paper we describe how the Secure WebCom distributed architecture provides access control policy interoperability support between a number of middleware security architectures. Secure WebCom uses the KeyNote trust management system to help coordinate the trust relationships between the different middleware systems and their associated access control policies. Middleware authorisation policies can be encoded in terms of cryptographic certificates, and vice-versa. This provides a unified view of access control across heterogeneous middleware systems and also provides the basis for decentralised support of middleware access control policies.
Building Trust Chains between CORBA Objects
2003
This work presents an authentication and authorization model that results from the integration of the SPKI/SDSI infrastructure with CORBAsec. The paper presents the main facilities provided by the proposed model, showing the advantages of using the SPKI/SDSI infrastructure. CORBA provides to the model the advantages of interoperable distributed objects in heterogeneous environments. The idea defended in this paper is the better suitability of trust chains, such as SPKI/SDSI, with the characteristics of the world-wide network.

