Abstract
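Trust management is an access control mechanism suited to large-scale distributed networks, and SPKI/SDSI2.0 is the most mature and most widely adopted of the current trust management systems. However, the existing SPKI/SDSI2.0 certificate chain search algorithms are all centralized, whereas SPKI/SDSI2.0 is a distributed system in which certificates are distributed and stored in a distributed manner. To address this problem, a reasonable distributed certificate storage scheme for SPKI/SDSI2.0 is first given, in which the certificates are fully traceable from the subject side (subject-traces-all). On this basis, a distributed SPKI/SDSI2.0 certificate chain search algorithm, DCCDS, is proposed; it is goal-directed. Theoretical analysis shows that the algorithm has high execution efficiency and can also achieve fine-grained control of delegation depth.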
Trust management is an approach to access control in a distributed environment. SPKI/SDSI2.0 is the most popular trust management system at present. But the existing credential chain discovery algorithms in SPKI/SDSI2.0 are all centralized. The needed credentials are either provided by users, or it is assumed that they have been distributed to local machines before the search. SPKI/SDSI2.0, however, is a distributed system in which credentials are often issued and stored in a distributed manner. To address this problem, a reasonable distributed credential storage scheme is proposed in this paper. Each credential is stored in one place, and all the credentials are subject-traces-all. Based on this scheme, DCCDS (distributed credential chain discovery in SPKI/SDSI2.0) is put forward. Unlike other algorithms, DCCDS does not need to reduce credentials or compute the name-reduction closure of a set of credentials. DCCDS searches all the name credentials for one principal and, at the same time, looks for the authorization credentials to all those name credentials. Finally, depth-first search is used to determine whether there exists a chain from self to the requestor. DCCDS is goal-directed, and it can automatically gather the relevant name and authorization credentials that are needed. Theoretical analysis shows that DCCDS has a higher efficiency; moreover, it can solve the problem of delegation depth elegantly.
Source
《计算机研究与发展》
EI
CSCD
PKU Core Journal
2008, Issue 7, pp. 1133-1141 (9 pages)
Journal of Computer Research and Development
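Funding
National High Technology Research and Development Program of China ("863" Program) (2007AA01Z410)
National Key Basic Research Program of China ("973" Program) (2007CB307101)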