摘要 |
<p>A distributed computer system, has a number of users and target applications. When a user logs on to the system, an authentication unit issues the user with a privilege attribute certificate (PAC) representing the user's access rights. When the user wishes to access a target application, he presents the PAC to that application as evidence of his access rights. The application, in turn, passes the PAC to a PAC use monitor (PUM) which validates the PAC. The PUM is shared between a plurality of applications. <IMAGE></p> |