
Danish National Research Database


A Mechanism for Identity Delegation at Authentication Level

Authors:
  • Ahmed, Naveed
    Department of Informatics and Mathematical Modeling, Technical University of Denmark
  • Jensen, Christian D.
    ORCID: 0000-0002-0921-7148
    Department of Informatics and Mathematical Modeling, Technical University of Denmark
Abstract:
Authentication and access control are normally considered separate security concepts that have separate goals and are supported by separate security mechanisms. In most operating systems, however, access control is exclusively based on the identity of the requesting principal, e.g., an access control mechanism based on Access Control Lists simply verifies that the authenticated identity of the requesting principal is on the list of authorized users. In this paper we propose a delegation mechanism for nomadic users, which exploits the amalgamation of authentication and access control in most operating systems, by delegating privileges at the identity level. The complexity of classic delegation models, especially if it strictly follows the principle of least privileges, often leads to poor usability which motivates a user to circumvent the default delegation mechanism. On the other hand, the identity delegation makes good use of trust relationships between users of a particular environment and offers the possibility of improved usability. Although it might violate the principle of least privileges, practically it could increase the overall security of a nomadic environment where users need to frequently delegate their duties. The proposed mechanism is independent of the choice of access control mechanism, as there is no distinction between a delegator and a delegatee for the rest of the system and the delegation event is only logged at the authentication level. Due to its improved usability, the motivation of sharing authentication tokens is reduced.
Type:
Conference paper
Language:
English
Published in:
Identity and Privacy in the Internet Age, Proceedings: Lecture Notes in Computer Science, 2009, p. 148-162
Keywords:
Main Research Area:
Science/technology
Conference:
NordSec 2009
Publisher:
Springer
Submission year:
2009
ID:
160429051