DeFIRED: Decentralized authorization with receiver-revocable and refutable delegations

Abstract

A lot of research has been done over the last few years regarding decentralized authorization and access control, with existing approaches like the WAVE framework removing the need to rely on centralized parties for the management of access policies. However, these solutions show shortcomings regarding revocations, by not allowing delegatees to revoke existing and decline incoming delegations. Therefore, in this paper, we present DeFIRED to address this problem. DeFIRED is a decentralized authorization framework which allows its users to generate and revoke chains of resource delegations in a secure and transitive manner. Furthermore, the framework also allows the delegatees to prove that certain resources have (not) been delegated to them. Experimental results indicate that DeFIRED achieves similar performance results compared to the state of the art.