Access control with role attribute certificates

Jing Jang Hwang, Kou Chen Wu, Duen-Ren Liu*


研究成果: Article同行評審

12 引文 斯高帕斯(Scopus)


The goal of access control is to counter the threat of unauthorized operations involving computer or communication systems. Role-based access control (RBAC) is a new paradigm for access control, different from the traditional schemes such as the capability scheme or the access control list scheme. To realize the RBAC scheme, we define role attribute certificates following a generic specification in X.509. Our certificate is a vehicle for carrying role-assignment information about a certificate subject. The certificate is certified, issued, and revoked by a central administrator, called the Role Attribute Certification Authority (RACA); as a result, the access control information conveyed in the certificate is centrally managed. The certificate is sent to application sites where the information is required for access control decisions; consequently, a scheme using this special type of attribute certificate gains the advantage of reducing communication. The drawback with this approach is that role attribute certificates must be accompanied by a public-key certificate, whose functioning depends on the existence of a public-key infrastructure (PKI).

頁(從 - 到)43-53
期刊Computer Standards and Interfaces
出版狀態Published - 3月 2000


深入研究「Access control with role attribute certificates」主題。共同形成了獨特的指紋。