
Distributed trust management system and method for obtaining distributed credential chain

A trust management and trust certificate technology, applied in transmission systems, electrical components, etc., that addresses insufficient support for attribute constraints, insufficient support for attribute information, and effects on system availability and performance, with the effect of strengthening information security, enhancing descriptive ability, and enhancing flexibility.

Inactive Publication Date: 2006-06-21
BEIHANG UNIV

AI Technical Summary

Problems solved by technology

Although GSI uses XACML to support authorization based on comprehensive user attribute information, encapsulates user attribute information with SAML, and transfers trust relationships through delegation mechanisms such as MyProxy (which provides a mechanism for mapping users to their grid credentials), it lacks an attribute-based trust management mechanism, so its ability to support large-scale dynamic collaborative applications across security domains is insufficient.
[0006] 2. Insufficient support for attribute information.
The current grid authentication system uses a certificate chain similar to PKIX to construct trust relationships, but this certificate chain can only constrain relatively simple attribute information and cannot constrain complex attribute information (such as the age information in general trust certificates).
[0007] 3. Single trust chain construction mechanism.
[0009] 1. RTML mainly considers the agent logic of the role and the trust certificate chain discovery algorithm, and does not take into account the flexibility of security policy requirements in practical applications;
[0010] 2. It does not take into account the depth constraints of the delegation mechanism in practical applications. This is important security constraint information for typical applications; without it, the subject will continue to expand the trust chain, affecting the availability and performance of the system;
[0011] 3. Insufficient support for attribute constraints: RTML can only express centralized typical constraints, and cannot support more constraint methods and attribute information;
[0012] 4. So far, there is still no practical trust management system that supports the functions expressed in the RTML language.


Embodiment Construction

[0039] The present invention extends the role-based trust management language on the basis of RTML, adding checks of delegation depth constraints and attribute constraints, which increases the expressive ability of policies and also improves the efficiency of the trust certificate discovery algorithm. The present invention also implements the search of distributed trust certificates. This search method solves the difficult problem of distributed trust certificate discovery, and improves the performance of the system while improving information security.

[0040] As shown in Figure 1, the basic structure of the distributed trust management system of the present invention includes the following modules: attribute authority module 1, trust certificate management module 2, trust certificate graph construction module 3, engine interface module 4 and local trust certificate storage module 5. Compared with the local, the attribute authority ...


Abstract

The invention relates to a distributed trust management system comprising, connected in sequence, an attribute authorization module, a trust certificate management module, a trust certificate graph construction module, an engine interface module, and a local trust certificate storage module. It also relates to a method for obtaining a distributed trust certificate chain: receiving a search request for a trust certificate chain; constructing a trust certificate graph; and extracting and outputting all paths for the specified nodes. The invention adds depth and attribute constraints to RTML, and improves algorithm efficiency and system performance.
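The chain search summarized in the abstract, as an added example that is not code from the patent: a simplified backward search over a credential graph that returns every chain from a role to an entity while enforcing a per-credential delegation depth limit and an attribute constraint. The `Credential` fields, the role names, the sample credentials, and the choice to evaluate constraints against the final entity's attributes are all assumptions made for illustration; RTML syntax and the patent's own algorithm are not shown on this page.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Credential:                       # hypothetical model, not RTML syntax
    role: str                           # role being defined, e.g. "Univ.student"
    subject: str                        # an entity ("Bob") or another role
    max_depth: Optional[int] = None     # further delegation steps allowed; None = unlimited
    constraint: Callable[[dict], bool] = lambda attrs: True  # check on the entity's attributes

def find_chains(creds, target_role, entity, attrs):
    """Backward search from target_role; return every valid chain ending at entity."""
    by_role = {}
    for c in creds:
        by_role.setdefault(c.role, []).append(c)
    chains = []

    def walk(role, chain, budget):
        if budget == 0:                 # delegation depth exhausted: stop extending
            return
        for c in by_role.get(role, []):
            if c in chain:              # cycle guard
                continue
            limits = [b for b in (c.max_depth, None if budget is None else budget - 1)
                      if b is not None]
            path = chain + [c]
            if c.subject == entity:
                if all(x.constraint(attrs) for x in path):
                    chains.append(path)
            else:
                walk(c.subject, path, min(limits) if limits else None)

    walk(target_role, [], None)
    return chains

# Constructed sample credentials (role <- subject)
CREDS = [
    Credential("Univ.student", "Dept.student", max_depth=1,
               constraint=lambda a: a.get("age", 0) >= 18),
    Credential("Dept.student", "Lab.member"),
    Credential("Dept.student", "Bob"),
    Credential("Lab.member", "Alice"),
]

if __name__ == "__main__":
    for name, attrs in [("Bob", {"age": 20}), ("Bob", {"age": 17}), ("Alice", {"age": 20})]:
        found = find_chains(CREDS, "Univ.student", name, attrs)
        print(name, attrs, [[f"{c.role}<-{c.subject}" for c in p] for p in found])
```

Bob at age 20 gets one two-credential chain, Bob at age 17 fails the attribute constraint, and Alice is cut off because her chain needs two delegation steps below a credential that allows only one.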

Description

Technical field

[0001] The present invention relates to a distributed trust management system and a method for obtaining distributed trust certificate chains, in particular to a trust management system based on attribute delegation and applicable to distributed large-scale network computing environments such as grids, and to its method of constructing a trust certificate graph and its backward search algorithm for obtaining a distributed trust certificate chain.

Background technique

[0002] Grid computing belongs to large-scale network computing, and has effectively solved the problem of dynamic resource sharing and collaboration across multiple virtual organizations at this stage. With the continuous expansion of the application scale and scope of large-scale network computing, the various application entities in the network are distributed more and more widely, and they are often located in different security domains and are not familiar with each other. This kind of trust manag...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 怀进鹏, 胡春明, 李建欣, 卢伟勤, 李沁
Owner: BEIHANG UNIV