Delegation of Authority JISC demo
21 June 2006
To use your PC
If it is protected by a username and password?
Assigns privilege to
Privilege Holder
I delegate authority to this End User to use this resource in this limited way, signed The Privilege Holder
End User (Privilege Holder)
Delegates privilege to
Can I use the Resource
Copyright 2006 University of Kent
Please purchase this product from company X signed the End User
Privilege Verifier
Access Control
Usually based on access control lists
This list of users can do these things
Examples
Ed and Jake can read the exam results file on the Kent University website
Jo and Zoe get 10% discount when electronically shopping at Tescos
PROBLEMS
You need to know the names of all the users
Very difficult to scale to Internet proportions where there are millions of users
SOA = Source of Authority
AA = Attribute Authority
[Diagram: SOA (Bill) issues AC to AA (Alice); AA (Alice) issues AC to End Entity (Bob); AC points to holder]
An Attribute Certificate is a digitally signed electronic document that says that this holder has been given these attributes by this issuer
[Diagram: DIS with Web service interface; labels: Request, Authorisation, IssueAC, publishAC, Sign AC, LDAP server]
Anyone with Admin or Researcher role can delegate Researcher role to anyone else in Staff domain