Authorising a computing entity using path label sequences

摘要

Bindings between pairs of computing entities in a network are represented by locally assigned labels. Multiple bindings that traverse a path between entities form a delegation chain of trust that can be validated. When an entity commences a transaction 302 with an authorising entity it presents the delegation chain 304 on which it relies including the labels assigned to the bindings representing the various delegations in the path. The authorising entity derives a path label sequence for the delegation chain 308, e.g. from an X.509 certificate chain, and compares the label sequence against a label sequence template 310 to ensure the chain is permissible. If a matching condition is identified 312 the entity is authorised. The invention may be used to implement an access control list (ACL).