Explicit Delegation Using Configurable Cookies

Llewellyn-Jones, David; Jenkinson, G; Stajano, Francesco

View / Open Files

Accepted version (PDF, 1Mb)

Authors

Llewellyn-Jones, David

Jenkinson, G

Stajano, Francesco

Journal Title

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Conference Name

Cambridge International Workshop on Security Protocols

ISSN

0302-9743

Publisher

Springer

Volume

10368 LNCS

Pages

141-152

Language

English

Type

Conference Object

This Version

Metadata

Show full item record

Citation

Llewellyn-Jones, D., Jenkinson, G., & Stajano, F. (2017). Explicit Delegation Using Configurable Cookies. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 10368 LNCS 141-152. https://doi.org/10.1007/978-3-319-62033-6_17

Abstract

Password sharing is widely used as a means of delegating access, but it is open to abuse and relies heavily on trust in the person being delegated to. We present a protocol for delegating access to websites as a natural extension to the Pico protocol. Through this we explore the potential characteristics of delegation mechanisms and how they interact. We conclude that security for the delegator against misbehaviour of the delegatee can only be achieved with the cooperation of the entity offering the service being delegated. To achieve this in our protocol we propose configurable cookies that capture delegated permissions.

Sponsorship

European Research Council (Grant ID: StG 307224)

Funder references

European Research Council (307224)

Identifiers

External DOI: https://doi.org/10.1007/978-3-319-62033-6_17

This record's URL: https://www.repository.cam.ac.uk/handle/1810/256299

Rights

Licence:

http://www.rioxx.net/licenses/all-rights-reserved