Self Authenticating Proxies

Abstract

Authentication and access control are usually implemented as two separate protection mechanisms because they are logically separate functions. A consistent approach to both of these functions is proposed in this paper. In this new approach, resource management, another aspect of protection, can also be included. By combining the properties of public key encryption with cascading proxies, a single mechanism is devised to provide these three aspects of protection. The mechanism provides independence from the system infrastructure and from any particular security domain, control policy or authentication server, enabling principles to define and enforce their own protection requirements.