A HYBRID MULTI-APPLICATION AUTHENTICATION AND AUTHORIZATION MODEL USING MULTI-AGENT SYSTEM AND PKI

摘要

Authentication, Authorization, Accountability (AAA) is always required for a good access control system. This paper proposes a Single Sign-On (SSO) model that serves the AAA property with the activity-based policy. The trust in this approach is enabled by the use of public key infrastructure (PKI) which is applied for client two-factor authentication and secures the infrastructure. We introduce the preventive activity-based authorization policy for dynamic user privilege controls. It helps prevent successive unauthorized requests in a formal manner. At the core, we apply the Multi-Agent System (MAS) concept to facilitate the authentication and the authorization process in order to work with multiapplications and multi-clients more dynamically and efficiently. The agent system functions when each client requests to sign on and it is responsible for validating a client certificate, granting an access role to the client, and controlling a concurrent use of applications.