Authentication and Authorization Infrastructures (AAIs): A Comparative Survey

TitleAuthentication and Authorization Infrastructures (AAIs): A Comparative Survey
Publication TypeJournal Article
Year of Publication2004
AuthorsJ. Lopez, R. Oppliger, and G. Pernul
JournalComputers & Security
Volume23
Number7
Pagination578-590
PublisherElsevier
ISSN Number0167-4048
Abstract

In this article, we argue that traditional approaches for authorization and access control in computer systems (i.e., discretionary, mandatory, and role-based access controls) are not appropriate to address the requirements of networked or distributed systems, and that proper authorization and access control requires infrastructural support in one way or another. This support can be provided, for example, by an authentication and authorization infrastructure (AAI). Against this background, we overview, analyze, discuss, and put into perspective some technologies that can be used to build and operate AAIs. More specifically, we address Microsoft .NET Passport and some related activities (e.g. the Liberty Alliance Project), Kerberos-based solutions, and AAIs that are based on digital certificates and public key infrastructures (PKIs). We conclude with the observation that there is no single best approach for providing an AAI, that every approach has specific advantages and disadvantages, and that a comprehensive AAI must combine various technologies and approaches.

Citation KeyJavierLopez2004
Paper File: 
https://www.nics.uma.es/sites/default/files/papers/JavierLopez2004.pdf