Reliable Distributed Systems, IEEE Symposium on (2003)
Oct. 6, 2003 to Oct. 8, 2003
Altair Olivo Santin , Federal University of Santa Catarina and Pontifical Catholic University of Paran?
Joni da Silva Fraga , Federal University of Santa Catarina
Frank Siqueira , Federal University of Santa Catarina
Emerson R. de Mello , Federal University of Santa Catarina
Traditional security systems are not easily scalable and can become single points of failure or performance bottlenecks when used on a large-scale distributed system such as the Internet. This problem occurs also when using a Public Key Infrastructure (PKI) with a hierarchical trust model. SDSI/SPKI is a PKI that adopts a more scalable trust paradigm, which is focused on the client and based on authorization chains. However, the task of locating the chain that links a client to a server is not completely addressed by SDSI/SPKI. Aiming to overcome this limitation, this paper proposes extensions to the SDSI/SPKI authorization and authentication model. The proposed approach introduces the concept of Federation Webs, which allow the client to build new authorization chains linking it to a server when a direct path does not exist. A prototype implementation of this proposal has shown promising results.
Altair Olivo Santin, Joni da Silva Fraga, Frank Siqueira, Emerson R. de Mello, "Federation Web: A Scheme to Compound Authorization Chains on Large-Scale Distributed Systems", Reliable Distributed Systems, IEEE Symposium on, vol. 00, no. , pp. 66, 2003, doi:10.1109/RELDIS.2003.1238056