Abstract

As the web has become a place for sharing of information and resources across varied domains, there is a need for providing authorization services in addition to authentication services provided by public key infrastructure (PKI). In distributed systems the use of attribute certificates (AC) has been explored as a solution for implementation of authorization services and their use is gaining popularity. AC issued by attribute authority (AA) facilitates identification of a service requester and can be used to enforce access control for resources. AC of a service requester is used as part of credentials supplied during the service request for accessing any resource. As there exist potentially multiple issuing domains which issue credentials, therefore the target domain must allow access to resources by considering different credentials and must be able to decide about which set of attributes can be considered as valid attributes for making access control decisions. In this paper, we present an authorization based access control model that allows a fine grained access control to resources in an open domain by utilizing attributes issued by diverse attribute authorities.