Access control programs (ACPs), which permit controlled delegation of access rights to untrusted computer hosts, are discussed. Existing delegation protocols for distributed systems provide a way for a client to transfer its access rights to an intermediary, but provide only limited facilities for restricting the rights granted to the intermediary. ACPs are small programs that encode arbitrary specifications of delegated access rights. They are created and digitally signed by a client and passed to a server through an intermediary. When processing a request from the intermediary, the server executes the access control program to decide whether or not to grant the intermediary's request. Examples of ACPs used in a variety of applications are presented. A sample implementation of ACPs in the Andrew File System is described.
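The flow described in the abstract (client signs an ACP, server verifies and executes it per request) can be sketched as follows. This is an added example, not code from the paper: the expression grammar, the function names, the request attributes `op` and `path`, and the file paths are hypothetical, and an HMAC under a shared key stands in for the client's digital signature.

```python
import ast, hashlib, hmac

# Assumption: an HMAC key shared by client and server stands in for the client's
# digital signature (the standard library has no asymmetric signing).
CLIENT_KEY = b"constructed-demo-key"
_ALLOWED = (ast.Expression, ast.BoolOp, ast.And, ast.Or, ast.UnaryOp, ast.Not,
            ast.Compare, ast.Eq, ast.NotEq, ast.In, ast.NotIn, ast.Name,
            ast.Load, ast.Constant, ast.Tuple)

def sign_acp(source, key=CLIENT_KEY):
    """Client: authenticate the ACP text before giving it to the intermediary."""
    return hmac.new(key, source.encode(), hashlib.sha256).hexdigest()

def _eval(node, req):
    """Evaluate a vetted ACP node against the request attributes."""
    if isinstance(node, ast.Expression):
        return _eval(node.body, req)
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):
        return req[node.id]          # unknown attribute -> KeyError -> deny
    if isinstance(node, ast.Tuple):
        return tuple(_eval(e, req) for e in node.elts)
    if isinstance(node, ast.UnaryOp):
        return not _eval(node.operand, req)
    if isinstance(node, ast.BoolOp):
        vals = [_eval(v, req) for v in node.values]
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    left, right = _eval(node.left, req), _eval(node.comparators[0], req)
    op = node.ops[0]
    if isinstance(op, (ast.Eq, ast.NotEq)):
        return (left == right) == isinstance(op, ast.Eq)
    return (left in right) == isinstance(op, ast.In)

def server_decide(source, tag, request, key=CLIENT_KEY):
    """Server: verify the ACP's tag, vet its syntax, then run it; deny on any error."""
    try:
        if not hmac.compare_digest(sign_acp(source, key), tag):
            return False
        tree = ast.parse(source, mode="eval")
        for n in ast.walk(tree):
            if not isinstance(n, _ALLOWED) or (
                    isinstance(n, ast.Compare) and len(n.ops) != 1):
                return False
        return _eval(tree, request) is True
    except Exception:
        return False

# Constructed ACP: the intermediary may only read two files.
ACP = "op == 'read' and path in ('/afs/demo/report.txt', '/afs/demo/data.csv')"
TAG = sign_acp(ACP)
```

The server never passes the ACP to `eval`; it walks the parsed tree against an allowlist of node types, so a signed program that uses calls, attribute access or arithmetic is refused rather than run.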