Published: December 10, 1999
Author(s)
Konstantin Beznosov (FIU), Yi Deng (FIU), Bob Blakley (DASCOM), Carol Burt (2AB), John Barkley (NIST)
Conference
Name: 15th Annual Computer Security Applications Conference, 1999 (ACSAC '99)
Dates: 12/06/1999 - 12/10/1999
Location: Phoenix, Arizona, United States
Citation: Proceedings. 15th Annual Computer Security Applications Conference, 1999 (ACSAC '99), pp. 10
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent of a particular access control policy and from factors that are used in authorization decisions as well as access control models, no matter how dynamic those policies and factors are. It also enables elaborate and consistent access control policies across heterogeneous systems. We present the design of a service for resource access authorization in distributed systems. The service enables one to decouple authorization logic from application functionality. Although the described service is based on CORBA technology, the design approach can be successfully used in any distributed computing environment.
Keywords
access control; authorization; distributed object management; logic design
Control Families
None selected