Access control with role attribute certificates

Jing Jang Hwang, Kou Chen Wu, Duen-Ren Liu*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

12 Scopus citations

Abstract

The goal of access control is to counter the threat of unauthorized operations involving computer or communication systems. Role-based access control (RBAC) is a new paradigm for access control, different from the traditional schemes such as the capability scheme or the access control list scheme. To realize the RBAC scheme, we define role attribute certificates following a generic specification in X.509. Our certificate is a vehicle for carrying role-assignment information about a certificate subject. The certificate is certified, issued, and revoked by a central administrator, called the Role Attribute Certification Authority (RACA); as a result, the access control information conveyed in the certificate is centrally managed. The certificate is sent to application sites where the information is required for access control decisions; consequently, a scheme using this special type of attribute certificate gains the advantage of reducing communication. The drawback with this approach is that role attribute certificates must be accompanied by a public-key certificate, whose functioning depends on the existence of a public-key infrastructure (PKI).

Original languageEnglish
Pages (from-to)43-53
Number of pages11
JournalComputer Standards and Interfaces
Volume22
Issue number1
DOIs
StatePublished - Mar 2000

Keywords

  • Attribute certificate
  • Public-key certificate
  • Role-based access control
  • X.509 standard recommendation

Fingerprint

Dive into the research topics of 'Access control with role attribute certificates'. Together they form a unique fingerprint.

Cite this