In new key-oriented access control systems, access rights are delegated from key to key with chains of signed certificates. This paper describes an efficient graph-search technique for making authorization decisions from certificate databases. The design of the algorithm is based on conceptual analysis of typical delegation network structure and it works well with threshold certificates. Experiments with generated certificate data confirm that it is feasible to find paths of delegation in large certificate sets. The algorithm is an essential step towards efficient implementation of key-oriented access control.
Full paper in Postscript (Copyright Springer Verlag)
@InProceedings{Aura98b,
author = {Tuomas Aura},
title = {Fast access control decisions from
delegation certificate databases},
booktitle = {Proc. 3rd Australasian Conference on Information
Security and Privacy ACISP '98},
volume = {1438},
series = {LNCS},
year = 1998,
publisher = {Springer Verlag},
month = jul,
address = {Brisbane, Australia},
pages = {284--295}
}