An approach to role-based access control for digital content
|Autoren|| Edgar Weippl|
|Titel||An approach to role-based access control for digital content|
|Buchtitel||Proc. Int. Conf. on Information Technology: Coding and Computing (ITCC 2001)|
|Ort||Las Vegas, NV, USA|
Role-based access control is the state-of-the-art mechanism for restricting access to resources. Today, digital content is distributed via CD-ROMS and the Internet with little or no protection. Using widely available public key cryptography, we propose to extend the paradigm of role-based access control to digital content by encapsulating it into secure document containers. Certification authorities can certify that a specific user belongs to certain group and can thus be granted access to systems (i.e. document containers) that do not know who the user actually is. Online distribution of one-time keys can be used to avoid various attacks like replays.