ABSTRACT
Central to the study of distributed access control is the notion of delegation. A fundamental property of distributed systems is their lack of locality: the originators of requests, the principals that vouch for various forms of identity and authorizations, and the reference monitors that guard resources are generally not in the same location. Furthermore, requests are typically made by delegates, in many cases processes operating on behalf of people. Likewise, credentials are signed not by human hands but with digital signatures. A critical question naturally arises: how do we evaluate access requests made by principals acting on behalf of others?
