A Method for Access Authorisation Through Delegation Networks
Owners of systems and resources usually want to control who can access them. This must be based on having a process for authorizing certain parties, combined with mechanisms for enforcing that only authorized parties are actually able to access those systems and resources. In distributed systems, the authorization process can include negative authorization (e.g. black listing), and delegation of authorization rights, which potentially can lead to conflicts. This paper describes a method for giving authorizations through a delegation network, and where each delegation and authorization is expressed in the form of a belief measure. An entity's total authorization for a given resource object and access type can be derived by analyzing the delegation network using subjective logic.