Pp. 101–116 of the Proceedings

da-ta-base Mar-ket-ing-Dept Code-Source Code-Ex-ec-ut-or Code-Ex-ec-ut-ors Prin-ci-pal-Do-mains Prin-ci-pal-Do-main Pro-tec-tion-Do-main Pro-tec-tion-Do-mains De-le-ga-tion-Cer-ti-fi-ca-te de-le-ga-tion-Cer-ti-fi-ca-te De-le-ga-tion-Cer-ti-fi-ca-tes Ac-cess-Con-trol-ler Ac-cess-Con-trol-lers en-able-Pri-vi-le-ged de-le-ga-te-Id-ent-ity De-le-ga-te-Id-ent-ity Role-Type super-User en-able-Sim-ple-De-le-ga-tion en-able-Cas-ca-ded-De-le-ga-tion From-Prin-ci-pal To-Prin-ci-pal Sim-ple-De-le-ga-tion-Cert Cas-ca-ded-De-le-ga-tion-Cert is-Per-mit-ted-De-le-gate set-Re-vo-ca-ble-De-le-ga-ti-on SE-SA-ME

Secure Delegation for Distributed Object Environments

Nataraj Nagaratnam, Department of ECS, Syracuse University
Doug Lea, Department of Computer Science, SUNY Oswego
email: nataraj@cat.syr.edu, dl@cs.oswego.edu

• Abstract
• Introduction
• Concepts and Terminology
  • Principals.
  • Signing.
  • CodeExecutors.
  • Permissions.
  • Privileges.
  • Roles
    • Role Certificates.
    • Adopting Roles.
    • Multiple Roles.
  • Domains
    • Protection Domains.
    • Principal Domains.
• Delegation
  • Protection Domains and Delegation
  • Modes and Chaining
  • Controlling Delegation
  • Delegation Certificates
• Delegation Protocols
  • A does not enable Delegation, B specifies NoDelegation.
  • A does not enable Delegation, B specifies Simple or Cascaded Delegation.
  • A enables Delegation, B requires NoDelegation.
  • A enables Delegation, B requires Delegation.
  • A enables Delegation, B specifies Simple Delegation.
  • A enables Delegation, B specifies Cascaded Delegation.
  • Chained Invocations
  • An Example
• Revocation
  • Revocation Notifications
• Status and Future Work
• Discussion
  • DSSA.
  • Varadharajan et al.
  • SESAME.
  • Kerberos.
  • Taos.
  • DCE.
  • Limitations
• References
• About this document ...