Explicit Delegation Using Configurable Cookies
Accepted version
Peer-reviewed
Repository URI
Repository DOI
Change log
Authors
Abstract
Password sharing is widely used as a means of delegating access, but it is open to abuse and relies heavily on trust in the person being delegated to. We present a protocol for delegating access to websites as a natural extension to the Pico protocol. Through this we explore the potential characteristics of delegation mechanisms and how they interact. We conclude that security for the delegator against misbehaviour of the delegatee can only be achieved with the cooperation of the entity offering the service being delegated. To achieve this in our protocol we propose configurable cookies that capture delegated permissions.
Description
Keywords
46 Information and Computing Sciences, 4604 Cybersecurity and Privacy
Journal Title
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Conference Name
Cambridge International Workshop on Security Protocols
Journal ISSN
0302-9743
1611-3349
1611-3349
Volume Title
10368 LNCS
Publisher
Springer
Publisher DOI
Sponsorship
European Research Council (307224)
We are grateful to the European Research Council for funding this research through grant StG 307224 (Pico).