USENIX Technical Program - Abstract - Security Symposium 99
Certificate-based Access Control for Widely Distributed Resources
Mary Thompson, William Johnston, Srilekha Mudumbai, Gary Hoo, Keith Jackson, and Abdelilah Essiari, Information and Computing Sciences Division, Ernest Orlando Lawrence Berkeley National Laboratory
We have implemented and deployed an access control mechanism that uses
digitally-signed certificates to define and enforce an access policy
for a set of distributed resources that have multiple, independent and
geographically dispersed stakeholders. The stakeholders assert their
access requirements in use-condition certificates and designate those
trusted to attest to the corresponding user attributes. Users are
identified by X.509 identity certificates. During a request to use a
resource, a policy engine collects all the relevant certificates and
decides if the user satisfies all the requirements. This paper
describes the model, architecture and implementation of this system.
It also includes some preliminary performance measurements and our
plans for future development of the system.
- View the full text of this paper in
HTML form and PDF form.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.