A ticket-based access control architecture for object systems 1

The design and implementation of authorization services for distributed object systems are hindered by the semantic diversity of object models, the brittleness of access control mechanisms, and the lack of design and analysis tools. This paper presents a primitive ticket-based access control architecture that can model a variety of authorization policies. The access control architecture is integrated within a primitive distributed object model that can capture most distributed object languages and systems. The integration provides a common foundation for access control in heterogeneous distributed object systems, instrumental to achieving high assurance secure interoperability.