|
- Authors
- Dirk Balfanz
- Drew Dean
- Mike Spreitzer
- Abstract
-
We describe the design and implementation of a security
infrastructure for a distributed Java application. This work is
inspired by SDSI/SPKI, but has a few twists of its own. We define a
logic for access control, such that access is granted iff a proof
that it should be granted is derivable in the logic. Our logic
supports linked local name spaces, privilege delegation across
administrative domains, and attribute certificates. We use SSL to
establish secure channels through which principals can "speak",
and have implemented our access control system in Java. While we
implemented our infrastructure for the Placeless Documents System, our
design is applicable to other applications as well. We discuss general
issues related to building secure, distributed Java applications
that we discovered.
- Published
- Proceedings of 2000 IEEE Symposium on Security and Privacy. Oakland, CA. May 2000
- Text
- GZip'ed Postscript (165k)
PDF (Adobe Acrobat) (189k)
|
|
