Approaches to secure delegation in distributed systems

The authors present two delegation schemes and a revocation scheme for distributed systems based on adaptation and extensions of the recent C_sig cryptosystem of Zheng and Seberry (1992). The first delegation scheme is general in the sense that the originator of the delegation only specifies one delegate. The originator has no control over who finally executes the delegated task and who participates in the formation of the delegation chain. The second delegation scheme addresses the opposite situation which the originator specifies not only the executor of the delegated task, but also the intermediaries that form the delegation chain. The scheme has the advantage of the executor being able to verify the trustworthiness of the selected intermediaries through their correct delivery of the delegation certificate. Complementing the delegation schemes is a revocation scheme based on the notion of continued affirmation by the originator. The scheme uses a global clock to provide each component of the distributed system with a uniform time value. Affirmation tokens are derived using the time values, and failure of the originator's affirmation token to reach the executor results in a time-out and in the revocation of the delegation