Back to Tuomas Aura's home page

Distributed Access-Rights Management with Delegation Certificates

Tuomas Aura
Helsinki University of Technology, FIN-02015 HUT, Finland


New key-oriented discretionary access control systems are based on delegation of access rights with public-key certificates. This paper explains the basic idea of delegation certificates in abstract terms and discusses their advantages and limitations. We emphasize decentralization of authority and operations. The discussion is based mostly on the SPKI certificates but we avoid touching implementation details. We also describe how threshold and conditional certificates can add flexibility to the system. Examples are given of access control between intelligent networks services.

Full paper in Postscript Copyright Springer 1999.

  author = 	 "Tuomas Aura",
  title = 	 "Distributed access-rights management with delegation
  booktitle =	 "Secure Internet Programming: Security Issues for
		  Distributed and Mobile Objects",
  publisher =	 "Springer",
  year =	 1999,
  editor =	 "J. Vitek and C. Jensen",
  volume = 	 "1603",
  series =	 "LNCS",
  pages = 	 "211--235"