Overview of the Framework

Our framework is applied to distributed systems that span multiple autonomous administrative domains without a central management authority. Applications may impose their own security policies and use different authentication services, e.g. Kerberos, DCE or X.509 certificates. We assume that within a distributed system, multiple independent applications coexist. The individual security requirements of each application are reflected in application-specific security policies. There might exist common ACLs that apply to sets of applications. Therefore, we wanted to design a flexible and expressive mechanism for representing and evaluating authorization policies. It had to be general enough to support a variety of security mechanisms based on public or secret key cryptosystems, and it had to be usable by multiple applications supporting different operations and even different kinds of protected objects. The major components of the architecture are:

• Authentication mechanisms perform authentication of users and supply them with initial credentials.
• A group server that maintains group membership information.
• GAA API. Applications call GAA API routines to check authorization against its authorization model. The API routines obtain policies from local files, distributed authorization servers, and from credentials provided by the user. They combinine local and distributed authorizations under a single API according to the requirements of the application.
• Delegation is supported through inclusion of delegation credentials, such as those supported by restricted proxies [1].