Privacy-Aware Proof-Carrying Authorization
Proof-Carrying Authorization (PCA) is one of the most popular approaches for the enforcement of access control policies. In a nutshell, the idea is to formalize a policy as a set of logical rules and to let the requester construct a formal proof showing that she has permissions to access the desired resource according to the provider's policy. This policy may depend on logical formulas that are assumed by other principals in the system. The validity of these formulas is witnessed by digital signatures. The usage of digital signatures, however, has a serious drawback, i.e., sensitive data are leaked to the verifier, which severely limits the applicability of PCA.