Authorization System in Open Networks based on Attribute Certificates : Towards an ICT Enabled Society


This paper describes a security system for authorization in open networks. Authorization means authority to access certain resources, to perform certain operations, or to use certain system functions. In this paper the authorization system is based on the use of attribute certificates. An attribute certificate is a signed object containing the authorization attributes of a user. Before checking whether a user is authorized to perform an action or to access an object, the identity of the user must be verified. The identity verification system is based on public key certificates. We separate the authorization system from the authentication system because the same authority does not always establish authorization and authentication information. However, these two systems must be combined, and that is done by including the serial number of the user's public key certificate as a field in the user's attribute certificate, which carries authorization information. The topology of the authorization system comprises authorization authority servers issuing attribute certificates to users, application clients handling those certificates, and application servers verifying user access rights based on attribute certificates. Furthermore, all these components are themselves certified by standard PKI certification authorities, thus supporting mutual authentication and cross-domain scaling. QC 2011060


Digitala Vetenskapliga Arkivet - Academic Archive On-line. Provided a free PDF (195.62 KB).
Last time updated on May 25, 2016
