Practical Decentralized Attribute-Based Delegation using Secure Name Systems

TL;DR

This paper presents a practical decentralized attribute-based delegation system built on the GNU Name System, addressing trust centralization issues and enabling cross-domain authorization with improved security and usability.

Contribution

It introduces a novel implementation of attribute-based delegation on top of GNS, demonstrating its practicality for real-world authorization scenarios.

Findings

Successfully implemented ABD on GNS for real-world use

Enhanced decentralization of trust and authorization

Demonstrated feasibility and security of the approach

Abstract

Identity and trust in the modern Internet are centralized around an oligopoly of identity service providers consisting solely of major tech companies. The problem with centralizing trust has become evident in recent discoveries of mass surveillance and censorship programs as well as information leakage through hacking incidents. One approach to decentralizing trust is distributed, attribute-based access control via attribute-based delegation (ABD). Attribute-based delegation allows a large number of cross-domain attribute issuers to be used in making authorization decisions. Attributes are not only issued to identities, but can also be delegated to other attributes issued by different entities in the system. The resulting trust chains can then be resolved by any entity given an appropriate attribute storage and resolution system. While current proposals often fail at the practicability, we show how attribute-based delegation can be realized on top of the secure GNU Name System (GNS) to solve an authorization problem in a real-world scenario.