Project-summary-paragraph
Authorization must be a cornerstone of effective security in distributed computing. Moreover, in large-scale systems authorization must itself be scalable. This project will conduct a holistic investigation by looking concurrently and synergistically at architecture, mechanisms, and models for scalable authorization. These three aspects are intertwined and mutually dependent, so decisions made in one impact the choices in others. Yet they can be profitably separated for scientific study. The project will develop and refine a set of architectures for enforcement and administration, and analyze their relative advantages and disadvantages. It will develop a systematic analysis of techniques for binding identity and authorization information, and the pros and cons of mechanisms based on different binding means. The third prong of the project will develop decentralized models for management of authorizations. This project will undertake theoretical and conceptual basic research augmented by selected proof-of-concept experiments to validate the theory.
