Research Article
VPAF: a flexible framework for establishing and monitoring prolonged authorization relationships
@INPROCEEDINGS{10.4108/ICST.COLLABORATECOM2009.8366 , author={Eric Freudenthal and Bivas Das}, title={VPAF: a flexible framework for establishing and monitoring prolonged authorization relationships}, proceedings={5th International ICST Conference on Collaborative Computing: Networking, Applications, Worksharing}, proceedings_a={COLLABORATECOM}, year={2009}, month={12}, keywords={authorization validation revocation delegation trust management}, doi={10.4108/ICST.COLLABORATECOM2009.8366 } }- Eric Freudenthal
Bivas Das
Year: 2009
VPAF: a flexible framework for establishing and monitoring prolonged authorization relationships
COLLABORATECOM
ICST
DOI: 10.4108/ICST.COLLABORATECOM2009.8366
Abstract
We describe a generic framework for determining and monitoring access rights derived from credential documents. Distributed authorization systems intended to support collaborative coalitions (such as trust management systems) typically incorporate mechanisms to both validate credentials, and to determine authorization. This conjunction of distinct functions increases complexity of both components and limits overall flexibility. Furthermore, while authorization decisions frequently enable the commencement of a prolonged relationship, current authorization systems are designed to authorize instantaneous transactions and provide no mechanisms to detect and propagate revocation after an authorization decision is made. VPAF (a validated and prolonged authorization framework) will separate these duties in a manner that permits credential validation and authorization decisions to be managed separately. VPAF is intended to enable vigilant monitoring of prolonged authorization relationships that span mutually distrustful administrative domains such as is common when multiple organizations collaborate.
