Journal: International Journal of Security and Its Applications
Print ISSN: 1738-9976
Publication year: 2009
Volume: 3
Issue: 1
Publisher: SERSC
Abstract: Role based trust management uses distributed role hierarchies (DRH) to provide flexible and scalable authorization in multi-domain environments, but DRH are inherently transitive and may easily lead to unexpected or even illegal authorization. In this paper, we propose TS-DRH, a generalized extension of DRH based on a novel trust scope model of distributed roles. TS-DRH introduces the notion of scoped roles with four kinds of structural trust scopes, and uses scoped roles to control the member scopes of senior roles and the permission scopes of junior roles, and thus helps to control the propagation of role memberships and permissions in DRH. This paper also designs rule based semantics and a compliance checking algorithm to compute authorization decisions for TS-DRH.