End-To-End Authorization

Authors

Jon Howell, Consystant Design Technologies
David Kotz, Dartmouth College

Document Type

Conference Paper

Publication Date

10-2000

Publication Title

Proceedings of the 2000 Symposium on Operating Systems Design and Implementation (OSDI)

Department

Department of Computer Science

Abstract

Many boundaries impede the flow of authorization information, forcing applications that span those boundaries into hop-by-hop approaches to authorization. We present a unified approach to authorization. Our approach allows applications that span administrative, network, abstraction, and protocol boundaries to understand the end-to-end authority that justifies any given request. The resulting distributed systems are more secure and easier to audit. \par We describe boundaries that can interfere with end-to-end authorization, and outline our unified approach. We describe the system we built and the applications we adapted to use our unified authorization system, and measure its costs. We conclude that our system is a practical approach to the desirable goal of end-to-end authorization.

Original Citation

Jon Howell and David Kotz. End-to-end authorization. In Proceedings of the 2000 Symposium on Operating Systems Design and Implementation (OSDI), October 2000.

Dartmouth Digital Commons Citation

Howell, Jon and Kotz, David, "End-To-End Authorization" (2000). Dartmouth Scholarship. 3330.
https://digitalcommons.dartmouth.edu/facoa/3330