Distributed Credential Chain Discovery in Trust Management

DMCA

Distributed Credential Chain Discovery in Trust Management (2001)

Cached

Download Links

Other Repositories/Bibliography

DBLP

by Ninghui Li , John C. Mitchell , William H. Winsborough

Citations:

196 - 30 self

BibTeX

@MISC{Li01distributedcredential,
    author = {Ninghui Li and John C. Mitchell and William H. Winsborough},
    title = {Distributed Credential Chain Discovery in Trust Management},
    year = {2001}
}

OpenURL

Abstract

We introduce a simple Role-based Trust-management language RT 0 and a set-theoretic semantics for it. We also introduce credential graphs as a searchable representation of credentials in RT 0 and prove that reachability in credential graphs is sound and complete with respect to the semantics of RT 0 . Based on credential graphs, we give goal-directed algorithms to do credential chain discovery in RT 0 , both when credential storage is centralized and when credential storage is distributed. A goal-directed algorithm begins with an access-control query and searches for credentials relevant to the query, while avoiding considering the potentially very large number of credentials that are unrelated to the access-control decision at hand. This approach provides better expected-case performance than bottom-up algorithms. We show how our algorithms can be applied to SDSI 2.0 (the "SDSI" part of SPKI/SDSI 2.0). Our goal

Keyphrases

credential chain discovery trust management credential graph goal-directed algorithm credential storage set-theoretic semantics expected-case performance bottom-up algorithm spki sdsi sdsi part simple role-based trust-management language rt searchable representation large number access-control query access-control decision

DMCA