5th International ICST Conference on Collaborative Computing: Networking, Applications, Worksharing

Research Article

VPAF: a flexible framework for establishing and monitoring prolonged authorization relationships

Download500 downloads
  • @INPROCEEDINGS{10.4108/ICST.COLLABORATECOM2009.8366 ,
        author={Eric Freudenthal and Bivas Das},
        title={VPAF: a flexible framework for establishing and monitoring prolonged authorization relationships},
        proceedings={5th International ICST Conference on Collaborative Computing: Networking, Applications, Worksharing},
        proceedings_a={COLLABORATECOM},
        year={2009},
        month={12},
        keywords={authorization validation revocation delegation trust management},
        doi={10.4108/ICST.COLLABORATECOM2009.8366 }
    }
    
  • Eric Freudenthal
    Bivas Das
    Year: 2009
    VPAF: a flexible framework for establishing and monitoring prolonged authorization relationships
    COLLABORATECOM
    ICST
    DOI: 10.4108/ICST.COLLABORATECOM2009.8366
Eric Freudenthal1,*, Bivas Das1,*
  • 1: Department of Computer Science, University of Texas at EI Paso, EI Paso, Texas 79968
*Contact email: efreudenthal@utep.edu, bdas@miners.utep.edu

Abstract

We describe a generic framework for determining and monitoring access rights derived from credential documents. Distributed authorization systems intended to support collaborative coalitions (such as trust management systems) typically incorporate mechanisms to both validate credentials, and to determine authorization. This conjunction of distinct functions increases complexity of both components and limits overall flexibility. Furthermore, while authorization decisions frequently enable the commencement of a prolonged relationship, current authorization systems are designed to authorize instantaneous transactions and provide no mechanisms to detect and propagate revocation after an authorization decision is made. VPAF (a validated and prolonged authorization framework) will separate these duties in a manner that permits credential validation and authorization decisions to be managed separately. VPAF is intended to enable vigilant monitoring of prolonged authorization relationships that span mutually distrustful administrative domains such as is common when multiple organizations collaborate.