TY - JOUR
T1 - Access control with role attribute certificates
AU - Hwang, Jing Jang
AU - Wu, Kou Chen
AU - Liu, Duen Ren
PY - 2000/3
Y1 - 2000/3
N2 - The goal of access control is to counter the threat of unauthorized operations involving computer or communication systems. Role-based access control (RBAC) is a new paradigm for access control, different from the traditional schemes such as the capability scheme or the access control list scheme. To realize the RBAC scheme, we define role attribute certificates following a generic specification in X.509. Our certificate is a vehicle for carrying role-assignment information about a certificate subject. The certificate is certified, issued, and revoked by a central administrator, called the Role Attribute Certification Authority (RACA); as a result, the access control information conveyed in the certificate is centrally managed. The certificate is sent to application sites where the information is required for access control decisions; consequently, a scheme using this special type of attribute certificate gains the advantage of reducing communication. The drawback with this approach is that role attribute certificates must be accompanied by a public-key certificate, whose functioning depends on the existence of a public-key infrastructure (PKI).
AB - The goal of access control is to counter the threat of unauthorized operations involving computer or communication systems. Role-based access control (RBAC) is a new paradigm for access control, different from the traditional schemes such as the capability scheme or the access control list scheme. To realize the RBAC scheme, we define role attribute certificates following a generic specification in X.509. Our certificate is a vehicle for carrying role-assignment information about a certificate subject. The certificate is certified, issued, and revoked by a central administrator, called the Role Attribute Certification Authority (RACA); as a result, the access control information conveyed in the certificate is centrally managed. The certificate is sent to application sites where the information is required for access control decisions; consequently, a scheme using this special type of attribute certificate gains the advantage of reducing communication. The drawback with this approach is that role attribute certificates must be accompanied by a public-key certificate, whose functioning depends on the existence of a public-key infrastructure (PKI).
KW - Attribute certificate
KW - Public-key certificate
KW - Role-based access control
KW - X.509 standard recommendation
UR - http://www.scopus.com/inward/record.url?scp=0346707578&partnerID=8YFLogxK
U2 - 10.1016/S0920-5489(99)00029-X
DO - 10.1016/S0920-5489(99)00029-X
M3 - Article
AN - SCOPUS:0346707578
SN - 0920-5489
VL - 22
SP - 43
EP - 53
JO - Computer Standards and Interfaces
JF - Computer Standards and Interfaces
IS - 1
ER -