

The PERMIS X.509 role based privilege management infrastructure
Affiliation: 1. Geriatric Research, Education, and Clinical Center, George E. Whalen VA Medical Center, Salt Lake City, UT, United States;2. Department of Internal Medicine, Division of Geriatrics, University of Utah School of Medicine, Salt Lake City, UT, United States;3. Department of Health and Exercise Sciences, Skidmore College, Saratoga Springs, NY, United States;4. Department of Exercise and Sport Science, University of Utah, Salt Lake City, UT, United States;5. Department of Internal Medicine, Division of Cardiology, George E. Whalen VA Medical Center, University of Utah Medical Center, University of Utah School of Medicine, Salt Lake City, UT, United States;1. Heart Failure Unit, IRCCS Policlinico San Donato, University of Milano, Milan, Italy;2. Radiology Unit, IRCCS Policlinico San Donato, Milan, Italy;3. Department of Cardiac Surgery, IRCCS Policlinico San Donato, Milan, Italy;1. Department of Cardiovascular Research, King's College London, The James Black Centre, 125 Coldharbour Lane, London SE5 9NU, United Kingdom;2. Kings College Hospital NHS Foundation Trust, Denmark Hill, London SE5 9RS, United Kingdom;1. Department of Emergency, Kuang Tien General Hospital, Taichung, Taiwan;2. School of Medicine, Kaohsiung Medical University, Kaohsiung Medical University Hospital, Taiwan;3. School of Medicine, National Yang-Ming University, Taipei, Taiwan;4. Department of Medicine, Taipei Veterans General Hospital, Yuanshan Branch, Yilan, Taiwan;5. Division of Nephrology, Department of Medicine, Taipei City Hospital Heping Fuyou Branch, Taipei, Taiwan;6. Division of Nephrology, Department of Medicine, Taipei Veterans General Hospital, Taipei, Taiwan;7. Department of Neurology, Neurological Institute, Taipei Veterans General Hospital, Taipei, Taiwan;8. Institute of Clinical Medicine, National Yang-Ming University, Taipei, Taiwan
Abstract: This paper describes the EC PERMIS project, which has developed a role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users’ roles. All access control decisions are driven by an authorisation policy, which is itself stored in an X.509 AC, thus guaranteeing its integrity. All the ACs can be stored in one or more LDAP directories, thus making them widely available. Authorisation policies are written in XML according to a DTD that has been published at XML.org. The Access Control Decision Function (ADF) is written in Java and the Java API is simple to use, comprising just three methods and a constructor. There is also a Privilege Allocator, which is a tool that constructs and signs ACs and stores them in an LDAP directory for subsequent use by the ADF.
This article is indexed in ScienceDirect and other databases.