Abstract
In large scale networked information systems (e.g. the World Wide Web), the community of subjects who may make requests to a service provider such as a digital library will often extend beyond the local community to include individuals about whom little prior knowledge, if any, exists at the provider. This poses challenges for resource protection which do not resist in traditional computing environments. The paper presents a formal framework for secure access to information and services in such systems, where both the size of the user base and a variety of local enterprise dependent representations of user attributes must be considered. In our framework, an individual supplies digital credentials akin to traditional paper credentials with a request for service. To decide whether to grant the request, the recipient interprets the credentials using knowledge about the credential issuers (more precisely, of what conditions must hold for the issuers to have issued the credentials) rather than, or in addition to, specific knowledge about the requester. Our formalism for access control also provides a basis for security oriented smart yellow pages facilities, which are directory services that manage queryable registries of information about service providers and their requirements.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
