Credential Chain Discovery And Sensitive Information Protection In Trust Management

Posted on: 2007-05-21
Degree: Master
Type: Thesis
Country: China
Candidate: L Liu
GTID: 2178360242961896
Subject: Computer software and theory
Abstract/Summary:
Trust management bases access control on the attributes of entities rather than on their identities. It meets the need for attribute-based access control and suits distributed environments, where traditional identity-based access control falls short. The key technique of a trust management system is proof of compliance, which checks whether a set of credentials constitutes a proof that a request complies with the relevant policy. Proof of compliance can be implemented by credential chain discovery, which finds a delegation chain from the source of authority to the requester. It is also important to protect sensitive information during the trust negotiation process.

A role-based trust management language with a time field is given to address the shortcomings of RT0. The validity and version number of a credential help to realize credential revocation and refreshment. The length of an intersection expression is restricted, which fixes the length of a credential and simplifies the solution of intersection expressions in credential chain discovery.

A goal-oriented algorithm for discovering credential chains is proposed for this role-based trust management language with time fields. To represent the period during which a permission is held, a time field is added to each edge in the credential graph and to each element in a node's solution set. By defining types for roles, role expressions and credentials, the way credentials are stored is restricted, and a goal-oriented algorithm for discovering distributed credential chains is discussed.

To raise the efficiency of using hidden credentials in trust negotiation, a scheme is presented that implements complex policies using policy expressions and a final prefix. By constructing and simplifying policy expressions, the number of encryption and decryption operations is reduced. The use of the final prefix guarantees that the information can be restored. An example shows that the scheme is feasible and efficient.
Keywords/Search Tags:Trust Management, Delegation, Credential Chain Discovery, Sensitive Information, Hidden Credential
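
As an added illustration (not code from the thesis), the sketch below runs a goal-oriented backward search over RT0-style credentials that each carry a validity window, clipping the window along every edge of the chain so that an expired link yields no membership. The tuple encoding of credentials, the integer timestamps and all entity and role names are assumptions constructed for this example; the thesis's own data structures and storage rules are not shown on this page.

```python
# Added example: goal-oriented chain discovery with validity windows (assumed encoding).
from collections import namedtuple

# body: ("member", D) | ("role", B, r1) | ("link", B, r1, r2) | ("and", (B1, r1), (B2, r2))
Cred = namedtuple("Cred", "issuer role body start end")

def clip(a, b):
    """Intersect two validity windows; None when they do not overlap."""
    s, e = max(a[0], b[0]), min(a[1], b[1])
    return (s, e) if s <= e else None

def discover(creds, goal):
    """Backward search from goal=(issuer, role); returns {(entity, (start, end))}."""
    sol, wanted = {}, {goal}          # partial solution sets; roles worth evaluating
    def get(role):
        wanted.add(role)              # a body role becomes a sub-goal on first use
        return list(sol.get(role, ()))
    while True:
        before = (len(wanted), sum(len(v) for v in sol.values()))
        for c in creds:
            head, kind, args = (c.issuer, c.role), c.body[0], c.body[1:]
            if head not in wanted:
                continue              # goal-oriented: skip credentials off the path
            if kind == "member":
                found = [(args[0], (c.start, c.end))]
            elif kind == "role":
                found = get(args)
            elif kind == "link":      # A.r <- B.r1.r2
                found = [(e, clip(w1, w2)) for mid, w1 in get(args[:2])
                         for e, w2 in get((mid, args[2]))]
            else:                     # "and": two-term intersection
                found = [(e, clip(w1, w2)) for e, w1 in get(args[0])
                         for e2, w2 in get(args[1]) if e == e2]
            for e, w in found:
                w = w and clip(w, (c.start, c.end))  # valid only while every edge is
                if w:
                    sol.setdefault(head, set()).add((e, w))
        if before == (len(wanted), sum(len(v) for v in sol.values())):
            return sol.get(goal, set())   # fixed point reached

# Constructed sample credentials; times are abstract integers.
CREDS = [
    Cred("Shop", "discount", ("and", ("Shop", "student"), ("Club", "member")), 0, 100),
    Cred("Shop", "student", ("link", "Board", "university", "student"), 10, 90),
    Cred("Board", "university", ("member", "StateU"), 0, 60),
    Cred("StateU", "student", ("member", "Alice"), 20, 80),
    Cred("Club", "member", ("member", "Alice"), 30, 200),
    Cred("Club", "member", ("member", "Bob"), 0, 200),
    Cred("Other", "role", ("member", "Eve"), 0, 999),
]
```

Calling `discover(CREDS, ("Shop", "discount"))` returns Alice with the window in which every credential on her chain is simultaneously valid; Bob is excluded because no chain places him in `Shop.student`.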