RBAC in Distributed Retrieving Systems by Attribute Certificates

摘要

In order to implement role-based controls in distributed environments, they must be represented and managed in a secure manner. Attribute certification offers facilities that can be applied usefully and effectively to manage and delegate role-related attributes within distributed and mutually suspicious computing environments. It allows a wide range of authorization decision criteria to be managed in a coordinated fashion. As such, its definition and adoption affords opportunities for increasing support of role-based policies. In this paper, we describe an implementation of RBAC (Role-Based Access Control) on the distributed retrieving system as one possible application of attribute certificates. In this implementation, we use autonomic signatures to bind identity and attribute certificates, which support multiple CAs and different life time of identity and attribute certificates. To reduce retrieving system's load, we use attribute certificates in user-pull operational model. The implementation is developed by EJB components to provide effectively access control mechanism to any other distributed environments.