Seminars will be held in the Lecture Theatre 1 - William Gates Building, Computer Laboratory at 4.15pm

	See also: Networks & OS seminars Security seminars Logic and Semantics seminars Additional meetings weekly timetable for other meetings

David Chadwick

The PERMIS X.509 Role Based Privilege Management Infrastructure

This talk will describe a policy driven role based access control system developed under the EC PERMIS project. The user's roles, and the policy are stored in X.509 Attribute Certificates. The policy, written in XML, describes who is trusted to allocate roles to users, and what permissions each role has. The DTD has been published at XML.org. Access control decisions are made by an Access Control Decision Function consisting of just three Java methods and a constructor. The decision is made according to the requested mode of access, the user's trusted roles and the policy. We also have a tool, the Privilege Allocator, that makes ACs and stores them in an LDAP directory.