A Use-Condition Centered Approach to Authenticated Global Capabilities: Security Architectures for Large-Scale Distributed Collaboratory Environments

A Use-Condition Centered Approach to Authenticated Global Capabilities: Security Architectures for Large-Scale Distributed Collaboratory Environments (1996)

Cached

Download Links

by William Johnston , Case Larsen

Citations:

BibTeX

@MISC{Johnston96ause-condition,
    author = {William Johnston and Case Larsen},
    title = {A Use-Condition Centered Approach to Authenticated Global Capabilities: Security Architectures for Large-Scale Distributed Collaboratory Environments},
    year = {1996}
}

Bookmark

OpenURL

Abstract

We are developing a security model and architecture that is intended to provide general, scalable, and effective security services in open and highly distributed network environments. Our objective is to provide, especially for on-line scientific instrument systems, the same level of, and expressiveness of, access control that is available to a local human controller of information and facilities, and the same authority, delegation, individual responsibility and accountability, and expressiveness of policy that one sees in specific environments in scientific organizations. Our model is based on a public-key infrastructure and cryptographically signed certificates that encode use-conditions that are defined by those directly responsible for a resource. Certificates that encode user characteristics that satisfy the use-conditions are supplied by those who can attest to the characteristic. The collection of certificates specifying use-conditions and their satisfaction are combined with on...

Citations

742	Decentralized trust management - Blaze, Feigenbaum, et al. - 1996
228	Generic Security Service Application Program Interface - LINN - 2000
30	Privacy Enhancement for Internet Electronic - KENT - 1993
14	A new approach to the X.509 framework: allowing global authentication without a global trust model - Mendes, Huitema - 1995
12	Asymmetric encryption: evolution and enhancements - Johnson, Matyas - 1996
12	The SSH (Secure Shell) Remote Login Protocol. Internet draft, The Internet Engineering Task Force, Network Working Group - Ylönen - 1995
10	Generalized certificates - Ellison - 1996
7	The Virtual Laboratory: Using Networks to Enable Widely - Johnston, Agarwal - 1994
7	The kerberos version 5 GSS-API mechanism - Linn - 1964
3	ECMA-219: Authentication and privilege attribute security application with related key distribution functions, 1st edition - ECMA - 1994
3	A Secure European System for Applications in a Multi-vendor Environment, http://www.esat.kuleuven.ac.be/cosic/sesame - SESAME - 1997
2	IDUP and SPKM: Developing public-key-based APIs and mechanisms for communication security services - Adams - 1996
2	Introduction to cryptographic standards - Ankney
2	Security in Open Systems - Data Elements and Service Definitons", ECMA-138 - ECMA - 1989
2	Zurko. Authorization for distributed applications and groups - Hurley, Meta, et al. - 1996
2	Available at ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-10.asc. This describes a syntax for public-key certification requests - PKCS - 1993
2	Web Consortium. Platform for internet content selection - Wide - 1996
1	Information security - transforming the global marketplace (a panel discussion - Gary, Anderson, et al. - 1996
1	The Kaiser - Kaiser, LBNL, et al. - 1995
1	The Distributed-Parallel Storage System (DPSS) home page - LBNL - 1996
1	RSA labs' Frequently Asked Questions about todays' cryptography v3.0 - RSA - 1996
1	Security in computer networks. Available at http://www.zurich.ibm.com/pub/sti/www/g-kk/sirene/index.html. See also http://www.zurich.ibm.com/pub/sti/www/g-kk/sirene/pointers.html - SIRENE
1	LBNL image library - Thompson, Johnston - 1996
1	SSLeay implementation of the SSL protocol. Available at http://www.psy.uq.edu.au:8080/~ftp/Crypto. SSLeay is a free implementation of Netscape's Secure Socket Layer - the software encryption protocol behind the Netsite Secure Server and the Netscape Brows - Young
1	SPKM: Developing public-key-based APIs and mechanisms for communication security services - IDUP - 1996
1	ImgLib "LBNL Image Library - Thompson, Johnston - 1995
1	Netscape Communications Co. http://www.netscape.com/newsref/ref/128bit.html Lawrence Berkeley National Laboratory WEJohnston@lbl.gov 29 August 8 - Chen - 1997