Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 2 of 2
Full-Text Articles in Physical Sciences and Mathematics
End-To-End Authorization, Jon Howell, David Kotz
End-To-End Authorization, Jon Howell, David Kotz
Dartmouth Scholarship
Many boundaries impede the flow of authorization information, forcing applications that span those boundaries into hop-by-hop approaches to authorization. We present a unified approach to authorization. Our approach allows applications that span administrative, network, abstraction, and protocol boundaries to understand the end-to-end authority that justifies any given request. The resulting distributed systems are more secure and easier to audit. \par We describe boundaries that can interfere with end-to-end authorization, and outline our unified approach. We describe the system we built and the applications we adapted to use our unified authorization system, and measure its costs. We conclude that our system …
Restricted Delegation: Seamlessly Spanning Administrative Boundaries, Jon Howell, David Kotz
Restricted Delegation: Seamlessly Spanning Administrative Boundaries, Jon Howell, David Kotz
Dartmouth Scholarship
Historically and currently, access control and authentication is managed through ACLs. Examples include:
• the list of users in /etc/password, the NIS passwd map, or an NT domain
• permissions on Unix files or ACLs on NT objects
• a list of known hosts in .ssh/known hosts
• a list of IP addresses in .rhosts (for rsh) or .htaccess (http)
The limitations of ACLs always cause problems when spanning administrative domains (and often even inside administrative domains). The best example is the inability to express transitive sharing. Alice shares read access to object X with Bob (but not access to …