This invention relates to a method and apparatus for controlling access by users to target applications in a distributed computer system.
A framework for security in a distributed computer system has been proposed by the European Computer Manufacturer's Association (ECMA) and is described in the following references.
1) ECMA TR/46 "Security in Open Systems--a Security Framework" July 1988. PA0 2) ECMA standard ECMA/138 December 1989. PA0 3) "Network Access Control Development", COMPACS 90 Conference, London, March 1990. PA0 a) means for issuing privilege attribute certificates (PACs) to the initiator entities, PA0 b) verification means for verifying the PACs, and PA0 c) key distribution means for issuing cryptographic keys to the initiator entities, characterised in that:
The ECMA security framework permits a user to be authenticated to the system, and to obtain as a result a data package referred to as a privilege attribute certificate (PAC) which represents a certified collection of access rights. When the user wishes to access a target application, the user presents the PAC to that application as evidence of the user's access rights. The use of such PACs is described in our co-pending British Patent Application No 9015104.4.
It has been proposed to provide a special unit, referred to herein as a PAC validation facility (PVF) which can be used by the target applications to validate the PACs presented to the target applications.
It has also been proposed to provide a special unit referred to as a key distribution server (KDS) whose function is to provide encryption keys to users and applications on request, for use in communicating with other units in the system.
Typically, a PAC may be used several times by a user, to access several different target applications. It may also be permissible for a target application to use a PAC as a "proxy", to access a further target application on behalf of the user. However, such proxy use is undesirable if the first target application cannot be trusted not to misuse the PAC.
The object of the present invention is to provide a way of controlling proxy use of a PAC, while at the same time permitting the PAC to be used with many targets.