© University of Kent - Contact | Feedback | Legal | FOI | Cookies
The PERMIS X.509 role based privilege management infrastructure
D.W. Chadwick and A. Otenko
Future Generation Computer Systems, 19(2):182-196, February 2003.Abstract
This paper describes the EC PERMIS project, which has developed a role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users roles. All access control decisions are driven by an authorization policy, which is itself stored in an X.509 AC, thus guaranteeing its integrity. All the ACs can be stored in one or more LDAP directories, thus making them widely available. Authorization policies are written in XML according to a DTD that has been published at XML.org. The Access Control Decision Function (ADF) is written in Java and the Java API is simple to use, comprising of just 3 methods and a constructor. There is also a Privilege Allocator, which is a tool that constructs and signs ACs and stores them in an LDAP directory for subsequent use by the ADF.
Download publication 74 kbytes (PDF)Bibtex Record
@article{2109, author = {D.W. Chadwick and A. Otenko}, title = {The {PERMIS} {X.509} Role Based Privilege Management Infrastructure}, month = {February}, year = {2003}, pages = {182-196}, keywords = {determinacy analysis, Craig interpolants}, note = {}, doi = {}, url = {http://www.cs.kent.ac.uk/pubs/2003/2109}, publication_type = {article}, journal = {Future Generation Computer Systems}, volume = {19}, number = {2}, publisher = {Elsevier Science BV.}, externalurl = {Top Copy available from Elsevier ScienceDirect}, }