We describe a new design for authentication and access control. In this design, principals embody a flexible notion of authentication. They are compound principals that reflect the identities of the programs that have executed, even those of login programs. These identities are based on a naming tree. Our access control lists are patterns that recognize principals. We show how this design supports a variety of access control scenarios.

PDF file

In  Proceedings of the Tenth Workshop on Hot Topics in Operating Systems

Publisher  USENIX
All copyrights reserved by USENIX 2004

Details