chained and delegable authorization tokens
play

Chained and Delegable Authorization Tokens G. Navarro J. Garca J. - PowerPoint PPT Presentation

Dec 20, 2022 •100 likes •488 views

Chained and Delegable Authorization Tokens G. Navarro J. Garca J. A. Ortega-Ruiz Dept. of Computer Science Universitat Autnoma de Barcelona NordSec 2004 G. Navarro et al. (UAB) CADAT NordSec 2004 1 / 15 Outline Introduction 1

  1. Chained and Delegable Authorization Tokens G. Navarro J. García J. A. Ortega-Ruiz Dept. of Computer Science Universitat Autònoma de Barcelona NordSec 2004 G. Navarro et al. (UAB) CADAT NordSec 2004 1 / 15

  2. Outline Introduction 1 Example 2 Initialization Token delgation Chain delegation 3 Delegation in CADAT Implementation and Applications 4 Implementation SPKI cert without using full tag intersection SPKI cert using full tag intersection 5 Conclusions G. Navarro et al. (UAB) CADAT NordSec 2004 2 / 15

  3. Outline Introduction 1 Example 2 Initialization Token delgation Chain delegation 3 Delegation in CADAT Implementation and Applications 4 Implementation SPKI cert without using full tag intersection SPKI cert using full tag intersection 5 Conclusions G. Navarro et al. (UAB) CADAT NordSec 2004 3 / 15

  4. Introduction Chained And Delegable Authorization Tokens Hash chains as chains of authorization tokens. tokens represent generic authorizations (not just micropayments). Delegation delegation of chains or subchains. Implemented with a trust management infrastructure. CADAT C hained A nd D elegable A uthorization T okens G. Navarro et al. (UAB) CADAT NordSec 2004 4 / 15

  5. Introduction Chained And Delegable Authorization Tokens Hash chains as chains of authorization tokens. tokens represent generic authorizations (not just micropayments). Delegation delegation of chains or subchains. Implemented with a trust management infrastructure. CADAT C hained A nd D elegable A uthorization T okens G. Navarro et al. (UAB) CADAT NordSec 2004 4 / 15

  6. Introduction Chained And Delegable Authorization Tokens Hash chains as chains of authorization tokens. tokens represent generic authorizations (not just micropayments). Delegation delegation of chains or subchains. Implemented with a trust management infrastructure. CADAT C hained A nd D elegable A uthorization T okens G. Navarro et al. (UAB) CADAT NordSec 2004 4 / 15

  7. Introduction Chained And Delegable Authorization Tokens Hash chains as chains of authorization tokens. tokens represent generic authorizations (not just micropayments). Delegation delegation of chains or subchains. Implemented with a trust management infrastructure. CADAT C hained A nd D elegable A uthorization T okens G. Navarro et al. (UAB) CADAT NordSec 2004 4 / 15

  8. Introduction Chained And Delegable Authorization Tokens Hash chains as chains of authorization tokens. tokens represent generic authorizations (not just micropayments). Delegation delegation of chains or subchains. Implemented with a trust management infrastructure. CADAT C hained A nd D elegable A uthorization T okens G. Navarro et al. (UAB) CADAT NordSec 2004 4 / 15

  9. Example Initialization Example: first use AcmeNews Alice { contract(acme,10) } Generate hash chain: h_10, h_9, ..., h_1 G. Navarro et al. (UAB) CADAT NordSec 2004 5 / 15

  10. Example Initialization Example: first use AcmeNews Alice { contract(acme,10) } Generate hash chain: h_10, h_9, ..., h_1 G. Navarro et al. (UAB) CADAT NordSec 2004 5 / 15

  11. Example Initialization Example: first use AcmeNews Alice { contract(acme,10) } Generate hash chain: { contract(h_10) } h_10, h_9, ..., h_1 G. Navarro et al. (UAB) CADAT NordSec 2004 5 / 15

  12. Example Initialization Example: first use AcmeNews Alice { contract(acme,10) } Generate hash chain: { contract(h_10) } h_10, h_9, ..., h_1 h_9 G. Navarro et al. (UAB) CADAT NordSec 2004 5 / 15

  13. Example Initialization Example: first use AcmeNews Alice { contract(acme,10) } Generate hash chain: { contract(h_10) } h_10, h_9, ..., h_1 h_9 h_8 G. Navarro et al. (UAB) CADAT NordSec 2004 5 / 15

  14. Example Token delgation Example: token delegation ScienceNews AcmeNews Alice G. Navarro et al. (UAB) CADAT NordSec 2004 6 / 15

  15. Example Token delgation Example: token delegation ScienceNews AcmeNews Alice { token-deleg(h_8) } G. Navarro et al. (UAB) CADAT NordSec 2004 6 / 15

  16. Example Token delgation Example: token delegation ScienceNews AcmeNews Alice { token-deleg(h_8) } h_7 G. Navarro et al. (UAB) CADAT NordSec 2004 6 / 15

  17. Example Token delgation Example: token delegation ScienceNews AcmeNews Alice { token-deleg(h_8) } h_7 h_6 G. Navarro et al. (UAB) CADAT NordSec 2004 6 / 15

  18. Example Chain delegation Example: chain delegation AcmeNews Alice Bob G. Navarro et al. (UAB) CADAT NordSec 2004 7 / 15

  19. Example Chain delegation Example: chain delegation AcmeNews Alice Bob { chain-deleg(h_6) } G. Navarro et al. (UAB) CADAT NordSec 2004 7 / 15

  20. Example Chain delegation Example: chain delegation AcmeNews Alice Bob { chain-deleg(h_6) } h_5 G. Navarro et al. (UAB) CADAT NordSec 2004 7 / 15

  21. Example Chain delegation Example: chain delegation AcmeNews Alice Bob { chain-deleg(h_6) } h_5 h_4 G. Navarro et al. (UAB) CADAT NordSec 2004 7 / 15

  22. Delegation in CADAT CADAT & Delegation token-delegation: delegatee is the consumer of tokens, who offers the service (aka server-side delegation). chain-delegation: delegatee is the user of the tokens, who access the service (aka client-side delegation). G. Navarro et al. (UAB) CADAT NordSec 2004 8 / 15

  23. Delegation in CADAT CADAT & Delegation token-delegation: delegatee is the consumer of tokens, who offers the service (aka server-side delegation). chain-delegation: delegatee is the user of the tokens, who access the service (aka client-side delegation). G. Navarro et al. (UAB) CADAT NordSec 2004 8 / 15

  24. Implementation and Applications Implementation Implementation CADAT is implemented in Java. Contracts and delegations encoded as SPKI/SDSI authorization certificates . Basic functionality provided by JSDSI ; Chain discovery algorithm = ⇒ all computations needed by CATAD. Extended to support hash chain verification in the algorithm. G. Navarro et al. (UAB) CADAT NordSec 2004 9 / 15

  25. Implementation and Applications Implementation Implementation CADAT is implemented in Java. Contracts and delegations encoded as SPKI/SDSI authorization certificates . Basic functionality provided by JSDSI ; Chain discovery algorithm = ⇒ all computations needed by CATAD. Extended to support hash chain verification in the algorithm. G. Navarro et al. (UAB) CADAT NordSec 2004 9 / 15

  26. Implementation and Applications Implementation Implementation CADAT is implemented in Java. Contracts and delegations encoded as SPKI/SDSI authorization certificates . Basic functionality provided by JSDSI ; Chain discovery algorithm = ⇒ all computations needed by CATAD. Extended to support hash chain verification in the algorithm. G. Navarro et al. (UAB) CADAT NordSec 2004 9 / 15

  27. Implementation and Applications SPKI cert without using full tag intersection Token as SPKI authorization certificate Partial tag intersection Authorization token: p = ( cid , i , h i ( m )) Token-cert without hash verification (cert (issuer ...) (subject ...) (tag (h-chain-id |123456789|) (h-chain-index (* range numeric ge 7))) (comment (h-val (hash md5 |899b786bf7dfad58aa3844f2489aa5bf|)))) G. Navarro et al. (UAB) CADAT NordSec 2004 10 / 15

  28. Implementation and Applications SPKI cert without using full tag intersection Token as SPKI authorization certificate Partial tag intersection Authorization token: p = ( cid , i , h i ( m )) Token-cert without hash verification (cert (issuer ...) (subject ...) (tag (h-chain-id |123456789|) (h-chain-index (* range numeric ge 7))) (comment (h-val (hash md5 |899b786bf7dfad58aa3844f2489aa5bf|)))) G. Navarro et al. (UAB) CADAT NordSec 2004 10 / 15

  29. Implementation and Applications SPKI cert using full tag intersection Token as SPKI authorization certificate Full tag intersection Authorization token: p = ( cid , i , h i ( m )) Token-cert with hash verification (cert (issuer ...) (subject ...) (tag (hash-auth (hchain-id |lksjfSDFIsdfkj0sndKIShfoMSKJSD|) (hchain-index 15) (hash md5 |d52885e0c4bc097f6ba3b4622e147c30|)))) G. Navarro et al. (UAB) CADAT NordSec 2004 11 / 15

  30. Implementation and Applications SPKI cert using full tag intersection Token as SPKI authorization certificate Full tag intersection Authorization token: p = ( cid , i , h i ( m )) Token-cert with hash verification (cert (issuer ...) (subject ...) (tag (hash-auth (hchain-id |lksjfSDFIsdfkj0sndKIShfoMSKJSD|) (hchain-index 15) (hash md5 |d52885e0c4bc097f6ba3b4622e147c30|)))) G. Navarro et al. (UAB) CADAT NordSec 2004 11 / 15

  31. Implementation and Applications SPKI cert using full tag intersection Applications Generic token-based access control system. Micropayment schemes. Current application: Token-based access control for mobile agents . G. Navarro et al. (UAB) CADAT NordSec 2004 12 / 15

  32. Implementation and Applications SPKI cert using full tag intersection Applications Generic token-based access control system. Micropayment schemes. Current application: Token-based access control for mobile agents . G. Navarro et al. (UAB) CADAT NordSec 2004 12 / 15

  33. Implementation and Applications SPKI cert using full tag intersection Applications Generic token-based access control system. Micropayment schemes. Current application: Token-based access control for mobile agents . G. Navarro et al. (UAB) CADAT NordSec 2004 12 / 15

Recommend

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney <jbasney@ncsa.Illinois.edu> Brian Bockelman <bbockelm@cse.unl.edu> This material is based upon work supported by the National S cience Foundation under Grant

379 views • 20 slides
OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios

OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios

OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos Resource sharing Authorization Client Resource owner Resource storage Resource access Resource

1.11k views • 18 slides
1 Research Goal Proposed tool: Chained clone detection tool Detection of clone sets connected

1 Research Goal Proposed tool: Chained clone detection tool Detection of clone sets connected

Overview of my presentation Introduction of chained clone detection Detection of Chained Clone and Its Application N.Yoshida, et al.: "On Refactoring Support Based on Code Clone Dependency Relation", Proc. of METRICS 2005.

316 views • 4 slides
SRM Space Tokens SRM Space Tokens SRM Space Tokens SRM Space Tokens Scalla/xrootd Andrew

SRM Space Tokens SRM Space Tokens SRM Space Tokens SRM Space Tokens Scalla/xrootd Andrew

SRM Space Tokens SRM Space Tokens SRM Space Tokens SRM Space Tokens Scalla/xrootd Andrew Hanushevsky Stanford Linear Accelerator Center Stanford University Stanford University 27-May-08 http://xrootd slac stanford edu

550 views • 23 slides
Chained to the drawing board By Carolyn Okom o SHARE E-MAIL RETURN TO FULL STORY Published May

Chained to the drawing board By Carolyn Okom o SHARE E-MAIL RETURN TO FULL STORY Published May

Chained to the drawing board - Printer Friendly Version (The Deal Magazine) Page 1 of 5 Chained to the drawing board By Carolyn Okom o SHARE E-MAIL RETURN TO FULL STORY Published May 1, 2009 at 10:29 AM The heyday of asbestos bankruptcies is

323 views • 5 slides
Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without authorization Authorization in Oxford Advanced Learner's Dictionary Object-oriented Databases authorization is the concept of allowing

70 views • 6 slides
Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work with Ben Kreuter, Tancrde Lepoint, Mariana Raykova ia.cr/2020/072 1 Definition Anonymous tokens are lightweight, single-use anonymous credentials.

657 views • 61 slides
Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably Authorization answers the question who is allowed to do what ? A first step in the development of an access control system is the

651 views • 53 slides
1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel Expense 4. Travel Regulations 2 Travel Authorization (See Next Slide for Detailed Steps) 2. Trip Information goes here 1. Budgetary Coding goes

319 views • 11 slides
CISC101 Reminders & Notes Today Finish up chained if statements Assignment 2 is

CISC101 Reminders & Notes Today Finish up chained if statements Assignment 2 is

CISC101 Reminders & Notes Today Finish up chained if statements Assignment 2 is posted Due on Sunday, February 20 th at 11:59AM Continue from slide 23 last time Introduce loops Tests are being marked while

290 views • 5 slides
Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It

Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It

Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It is designed to : Assist in benefit determination Prevent unanticipated denials of coverage Create a collaborative approach to

187 views • 18 slides
The Reinforcing Effects of Houselight Illumination During Chained Schedules of Food Presentation

The Reinforcing Effects of Houselight Illumination During Chained Schedules of Food Presentation

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/23295756 The Reinforcing Effects of Houselight Illumination During Chained Schedules of Food Presentation Article in Journal of the

386 views • 20 slides
Work Authorization Documents Work Authorization Document Control Account Information Control

Work Authorization Documents Work Authorization Document Control Account Information Control

Work Authorization Documents https://cametoolbox.fnal.gov/Project/WADReports?ProjectName=HL-L... Work Authorization Documents Work Authorization Document Control Account Information Control Account Manager: 10629N Nobrega, Fred Control

56 views • 5 slides
Systems Good for People Chained to the Rhythm Learning Analogies Analogies Run Amok What

Systems Good for People Chained to the Rhythm Learning Analogies Analogies Run Amok What

Making Information Systems Good for People Chained to the Rhythm Learning Analogies Analogies Run Amok What Happened? What We Do How Do They Work? Finding Patterns Recommender Vocabulary

773 views • 59 slides
Stateful Chained Network Functions Junaid Khalid W,G and Aditya Akella W 1 *This work does not

Stateful Chained Network Functions Junaid Khalid W,G and Aditya Akella W 1 *This work does not

Correctness and Performance for Stateful Chained Network Functions Junaid Khalid W,G and Aditya Akella W 1 *This work does not have any affiliation with Google Network Function Virtualization (NFV) Hardware NF software NF over commodity

1.76k views • 120 slides
Remote File Access: Problems and Solutions Authentication and authorization Performance

Remote File Access: Problems and Solutions Authentication and authorization Performance

Remote File Access: Problems and Solutions Authentication and authorization Performance Synchronization Robustness Lecture 13 CS 111 Page 1 Summer 2013 Authorization and Authentication Authorization is determined if someone

886 views • 41 slides
CS 225 Data Structures Dec. 11 Flo loyd- Warshalls Algorithm Wad ade Fag agen-Ulm

CS 225 Data Structures Dec. 11 Flo loyd- Warshalls Algorithm Wad ade Fag agen-Ulm

CS 225 Data Structures Dec. 11 Flo loyd- Warshalls Algorithm Wad ade Fag agen-Ulm lmschneid ider Reinforcement Learning Available Tokens Learned Move Take 1 token 9 10 Take 2 tokens 7 9 Take 2 tokens 6 8 Take 1 token

612 views • 23 slides
Curricular Practical Training (CPT) How Do I Obtain CPT Authorization? HOW DO I OBTAIN CPT

Curricular Practical Training (CPT) How Do I Obtain CPT Authorization? HOW DO I OBTAIN CPT

Curricular Practical Training (CPT) How Do I Obtain CPT Authorization? HOW DO I OBTAIN CPT AUTHORIZATION? 1. Register for and attend a MANDATORY CPT Information Session. You can register and find dates on Handshake by Mid-February YOU

320 views • 17 slides
Sliding tokens on block graphs Duc A. Hoang 1 Eli Fox-Epstein 2 Ryuhei Uehara 1 1 JAIST, Japan 2

Sliding tokens on block graphs Duc A. Hoang 1 Eli Fox-Epstein 2 Ryuhei Uehara 1 1 JAIST, Japan 2

WALCOM 2017 (March 29-31, 2017, Hsinchu, Taiwan) Sliding tokens on block graphs Duc A. Hoang 1 Eli Fox-Epstein 2 Ryuhei Uehara 1 1 JAIST, Japan 2 Brown University, USA Outline Reconfiguration problems and moving tokens on graphs 1 Sliding

657 views • 32 slides
REACH Authorization Brussels, June 26, 2013 Dr. Cndido Garca Molyneux

REACH Authorization Brussels, June 26, 2013 Dr. Cndido Garca Molyneux

REACH Authorization Brussels, June 26, 2013 Dr. Cndido Garca Molyneux cgarciamolyneux@cov.com Outline 1. What is covered by Authorization 2. State of Play 3. General Overview of Process 4. Who Can Apply 5. Application Deadlines 6.

148 views • 13 slides
Security and Authorization Access to large databases is generally selective: Distinct users

Security and Authorization Access to large databases is generally selective: Distinct users

Security and Authorization Access to large databases is generally selective: Distinct users have distinct privileges. The process of defining and granting these privileges is called authorization. Authorization is generally a positive

514 views • 22 slides
1997 Bond Authorization Project Information Sheets Transportation Bond Improvement Plan 1997

1997 Bond Authorization Project Information Sheets Transportation Bond Improvement Plan 1997

1997 Bond Authorization Project Information Sheets Transportation Bond Improvement Plan 1997 HURF Bond Authorization Bond Implementation Authorization Project Period Amount DOT-06 Magee Road: La Canada Drive to Oracle Road 2015/16 $

788 views • 49 slides
BRIEFING TO NISPPAC NISA WG KARL HELLMANN NISP Authorization Office (NAO) DATE: JUNE 2020

BRIEFING TO NISPPAC NISA WG KARL HELLMANN NISP Authorization Office (NAO) DATE: JUNE 2020

UNCLASSIFIED BRIEFING TO NISPPAC NISA WG KARL HELLMANN NISP Authorization Office (NAO) DATE: JUNE 2020 UNCLASSIFIED UNCLASSIFIED NISP AUTHORIZATION OFFICE DCSA Assessment and Authorization Process Manual (DAAPM) Complete control package

393 views • 4 slides
Chained Financial Failures at Nation-wide Scale in Japan Yoshi Fujiwara Graduate School of

Chained Financial Failures at Nation-wide Scale in Japan Yoshi Fujiwara Graduate School of

Chained Financial Failures at Nation-wide Scale in Japan Yoshi Fujiwara Graduate School of Simulation Studies, University of Hyogo, Kobe Hideaki Aoyama Graduate School of Sciences, Kyoto University, Kyoto Yoshi Fujiwara | ETH Zurich | 20120911

609 views • 49 slides

More recommend