A Flexible Framework for Access Control Based on Ability Authentication

We investigate the notion of authentication procedure. We show how this can be split in several phases: establishing that an ability can be performed, deducing a certain information from such an ability, witnessing the authenticity of the information deduced from the ability. In our framework, ability means that one is able to perform role in a protocol. We argue that the concept of ability authentication is more general that the one of identity authentication, that is commonly used in AAA systems. The flexibility provided by our framework of authentication seems also suitable for ubiquitous computing scenarios.