Consumable Credentials in Logic-Based Access-Control Systems
We present a method to implement consumable credentials in a logic-based distributed authorization system. Such credentials convey use-limited authority (e.g., to open a door once) or authority to utilize resources that are themselves limited (e.g., concert tickets). We design and implement mechanisms to enforce the consumption of credentials in a distributed system, and to protect credentials from nonproductive consumption as might result from misbehavior or failure. We explain how these mechanisms can be used to support a distributed authorization system that uses a linear access-control logic. Finally, we give several usage examples in the framework, and evaluate the performance of our implementation for use in a ubiquitous computing deployment at our institution.
