The service provider needs to answer two questions before performing this action:
The first is called authentication. The second is called authorization.
An Authorization Computation (AC) Service Provider answers the authorization question. The service provider does not perform the operation. The AC module defines a small number of interfaces to request authorization evaluations.
Authorization decisions are based on local truths, not universal truth. Local truths are the assumptions defined as valid within the local environment. Each assumption is formalized and represented in an Access Control List (ACL) structure. An ACL is a list of subjects allowed to have some particular access to some resource. The subjects can be represented by names, public cryptographic keys, or other authenticateable values. A requester presents an exhibit corresponding to the subject of an ACL. The exhibit can be matched with the subject of the ACL, which grants rights to the subject. Certificates, exhibits, other forms of credentials, and ACLs (which are non-signed credentials) can all be involved in the authorization decision. The CDSA AC Module defines a set of data structures representing these abstractions.
Granted authorizations can be carried in certificates. When making a request, a caller presents certificates and other samples or exhibits demonstrating that the caller is the "owner" of the empowered certificates.
Authorization evaluation is a two step process:
The reduction process uses the caller-provided certificates to convert exhibits to the list of operations authorized by those certificates and exhibits. The intersection step compares the reduction results with the ACL entries.
Authorization intersection is a rigidly-defined operation. Consider two authorizations X and Y. The authorizations X and Y are non-empty lists. The first element is a byte string, called the name or type of the list. Suppose that X is an authorization derived from the reduction process applied to the caller's credentials and exhibits. Suppose that Y is a basic authorization contained in an ACL entry (that is, it is a local assumption). Authorization is evaluated by computing the intersection of two lists. The intersection is computed by pairwise-intersecting each element in the list. List elements can be either byte strings or non-empty sublists:
If two lists are of different length but intersect in a non-null set of common elements, then the intersection includes all the elements of the longer list. If the intersection of X and Y is empty, then X and Y can not be reduced. This means that the caller's authenticated authorizations, represented by X do not match the local requirement and assumptions define by Y. In this case, the authorization evaluation result is negative. If the intersection in non-empty, then the caller is authorize to perform the operations granted by entry Y of the ACL.
Contents | Next section | Index |