Access control with role attribute certificates

Jing Jang Hwang, Kou Chen Wu, Duen Ren Liu*


研究成果: 期刊稿件文章同行評審

12 引文 斯高帕斯(Scopus)


The goal of access control is to counter the threat of unauthorized operations involving computer or communication systems. Role-based access control (RBAC) is a new paradigm for access control, different from the traditional schemes such as the capability scheme or the access control list scheme. To realize the RBAC scheme, we define role attribute certificates following a generic specification in X.509. Our certificate is a vehicle for carrying role-assignment information about a certificate subject. The certificate is certified, issued, and revoked by a central administrator, called the Role Attribute Certification Authority (RACA); as a result, the access control information conveyed in the certificate is centrally managed. The certificate is sent to application sites where the information is required for access control decisions; consequently, a scheme using this special type of attribute certificate gains the advantage of reducing communication. The drawback with this approach is that role attribute certificates must be accompanied by a public-key certificate, whose functioning depends on the existence of a public-key infrastructure (PKI).

頁(從 - 到)43-53
期刊Computer Standards and Interfaces
出版狀態已出版 - 03 2000


深入研究「Access control with role attribute certificates」主題。共同形成了獨特的指紋。