OSDI 2000 Technical Program

OSDI 2000 Abstract

End-to-end authorization

Jon Howell, Consystant Design Technologies, and David Kotz, Dartmouth College

Abstract

Many boundaries impede the flow of authorization information, forcing applications that span those boundaries into hop-by-hop approaches to authorization. We present a unified approach to authorization. Our approach allows applications that span administrative, network, abstraction, and protocol boundaries to understand the end-to-end authority that justifies any given request. The resulting distributed systems are more secure and easier to audit.

We describe boundaries that can interfere with end-to-end authorization, and outline our unified approach. We describe the system we built and the applications we adapted to use our unified authorization system, and measure its costs. We conclude that our system is a practical approach to the desirable goal of end-to-end authorization.

View the full text of this paper in HTML form, PDF form, and PostScript form.
You may also download the software.
If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
To become a USENIX Member, please see our Membership Information.

Need help? Use our Contacts page.

Last changed: 16 Jan. 2002 ml

Technical Program

OSDI 2000 Home

USENIX home