Design of a Role-based Trust-management Framework
Abstract
We introduce the RT framework, a family of Role-based
Trust-management languages for representing policies
and credentials in distributed authorization. RT combines
the strengths of role-based access control and trust-management
systems and is especially suitable for attribute-based
access control. Using a few simple credential forms,
RT provides localized authority over roles, delegation in
role definition, linked roles, and parameterized roles. RT
also introduces manifold roles, which can be used to express
threshold and separation-of-duty policies, and delegation
of role activations. We formally define the semantics
of credentials in the RT framework by presenting a translation
from credentials to Datalog rules. This translation also
shows that this semantics is algorithmically tractable.
2021-10-11 20:34:11
176KB
Role-based permissions