Abstract
In recent years, SPKI, X.509 attribute certificates, and KeyNote have been proposed as mechanisms to create and specify authorization certificates, access control lists, or security policies in distributed environments. In this work we propose a new protocol able to negotiate and use some of these specifications. AMBAR is a multi-layered protocol based on a request/response model. In general, it provides functionality to transmit resource access requests, the authorization information related to those requests (credentials, ACLs), and results obtained from a certificate chain discovery method or compliance checker. It adds security by acting as a separate security layer inserted between the higher protocols and TCP (or another transport protocol).
Partially supported by TEL-IFD97-1426 EU FEDER project (PISCIS)
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cánovas, O., Gómez, A.F. (2001). AMBAR Protocol: Access Management Based on Authorization Reduction. In: Qing, S., Okamoto, T., Zhou, J. (eds) Information and Communications Security. ICICS 2001. Lecture Notes in Computer Science, vol 2229. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45600-7_41
DOI: https://doi.org/10.1007/3-540-45600-7_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42880-0
Online ISBN: 978-3-540-45600-1
eBook Packages: Springer Book Archive