Freshness Constraints Semantics of RT Framework Credentials

The paper focuses on problem of credential revocation in distributed environment where credentials are dispersed among users and there is no simple way to cancel already issued credential. To overcome presented problem, access requests acceptors must contact each credential issuer in order to check its validity status. This process is not always acceptable as it imposes more system load. The work focuses on RT Framework and RT credentials. The proposed solution associates with each credential a freshness constraint which defines how long the credential can be regarded as valid after last validity check. Constraints are propagated along a credential chain that makes the user be granted access to a shared resource. Article presents model and its semantics. The semantics associates each RT credential with a freshness constraint that should be used during credential validity check. The solution provides mechanism for cancelling RT credentials that allows controlling access to shared resources in a fine manner and limit system load.