Martín Abadi, Andrew Birrell, and Ted Wobber
We describe a new design for authentication and access control. In this design, principals embody a flexible notion of authentication. They are compound principals that reflect the identities of the programs that have executed, even those of login programs. These identities are based on a naming tree. Our access control lists are patterns that recognize principals. We show how this design supports a variety of access control scenarios.
|Published in||Proceedings of the Tenth Workshop on Hot Topics in Operating Systems|
|Address||Santa Fe, NM|
All copyrights reserved by USENIX 2004