Authorization and Certificates: Are We Pushing When We Should Be Pulling?

J. Crampton and H. Khambhammettu (UK)


Authorization, Certificate, Pull Model, Push Model


Certificates have long been used to bind authorization information to an identity or public key. Essentially there are two ways in which a verifying authority (reference monitor) can obtain the information (from a certificate) that is required to make an access control decision: the requesting entity provides the privilege attributes to the verifying authority (a `push' model); or the verifying authority obtains the privilege attributes from a trusted repository (a `pull' model). In this paper we argue that a push model, which is used by most certificate-based authorization mechanisms, is inferior to a pull model, and present an architecture based on the pull model.
