Abstract
This paper presents an approach to distributed RBAC (DRBAC) access control for multiple applications delegated to multi-user and multi-relying-party federations. In our approach, DRBAC uses Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI) to provide authentication and authorization. We propose a dynamic mapping scheme based on the Attribute Certification model to handle user identification, role assignment, and privilege delegation. To promote distribution, better scalability and performance, and ease of management and extension, the Multi-Agent Systems concept is applied to automate the authentication, authorization and accountability functions. For trust management across multiple PKI domains, we employ the Certificate Trust Lists (CTLs) model so that the different PKI domains can interoperate effectively. Finally, our ongoing implementation is demonstrated to prove our proposed model.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fugkeaw, S., Manpanpanich, P., Juntapremjitt, S. (2009). Achieving DRBAC Authorization in Multi-trust Domains with MAS Architecture and PMI. In: Ghose, A., Governatori, G., Sadananda, R. (eds) Agent Computing and Multi-Agent Systems. PRIMA 2007. Lecture Notes in Computer Science, vol 5044. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01639-4_30
DOI: https://doi.org/10.1007/978-3-642-01639-4_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01638-7
Online ISBN: 978-3-642-01639-4
eBook Packages: Computer Science, Computer Science (R0)