1. Field of the Invention
Aspects of the present invention relate to an apparatus and method to control access in a peer-to-peer (P2P) network, and more particularly, to an apparatus and method to control access in a P2P network, in which an attribute is evaluated without the help of a central server during a remote service request to thereby control service access.
2. Description of the Related Art
When services are exchanged between users in a network, the most common access control method is that in which access to services for each user is controlled based on the identities of service requesters. To efficiently realize expanded implementations, an RBAC (Role-Based Access Control) method has been used in which service requesters are grouped together according to role, and access authorization is granted according to role. In RBAC, access authorization with respect to services is specified in an ACL (Access Control List) according to the identities or roles of service requesters. Based on such a scheme, a service provider provides services to service requesters that match their access authorizations.
An ABAC (Attribute-Based Access Control) method has been disclosed in an effort to provide access control that is more varied and segmented than RBAC. In ABAC, there are three main types of attributes that are used as a determination standard for access control. These attributes include attributes of service requesters, attributes of services, and attributes of service environment. Attributes of service requesters may include the age, name, etc., of service requesters; attributes of services may include the category of requested services; and attributes of service environment may include service request area, time, etc.
However, a drawback of conventional RBAC and ABAC methods is that the identity, role, and attributes of each user must be registered with the service provider beforehand. For example, in the case of ABAC, if a service requester that has not already been registered makes a request for a service, the attribute inquiry needed to enable access control for that service requester is not possible. Accordingly, there is a need for a method of dynamically performing access control with respect to service requesters having attributes that are not pre-registered with a service provider.
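The sketch below is an added illustration, not part of the original disclosure. It places a role-based ACL check beside an attribute-based check that uses the three attribute types named above, and shows the failure for a requester the provider has never registered. All names, services, and rule thresholds are constructed assumptions.

```python
# Constructed sample data: requesters pre-registered with the service provider.
REGISTERED = {
    "alice": {"role": "family", "age": 34},
    "bob": {"role": "guest", "age": 15},
}

# RBAC: the ACL maps each service to the roles allowed to use it.
ACL = {"photo_album": {"family", "guest"}, "movie_stream": {"family"}}

# Attributes of services (category), used by the ABAC rule below.
SERVICES = {"photo_album": {"category": "general"},
            "movie_stream": {"category": "adult"}}


class UnknownRequester(Exception):
    """No registered identity, role or attributes for this requester."""


def lookup(requester_id):
    try:
        return REGISTERED[requester_id]
    except KeyError:
        raise UnknownRequester(requester_id) from None


def rbac_allows(requester_id, service):
    return lookup(requester_id)["role"] in ACL.get(service, set())


def abac_allows(requester_id, service, env):
    """Combine requester, service and environment attributes in one decision."""
    subject = lookup(requester_id)
    if SERVICES[service]["category"] == "adult" and subject["age"] < 18:
        return False
    # Environment attributes: request area and time (hour of day).
    return env["area"] == "home" and 8 <= env["hour"] < 23


def decide(requester_id, service, env):
    try:
        return "permit" if abac_allows(requester_id, service, env) else "deny"
    except UnknownRequester:
        # The drawback described above: there are no registered attributes to query.
        return "deny (requester not registered)"
```

An unregistered requester is denied before any rule is evaluated, which is the gap the related-art discussion identifies.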