Abstract
Access control in information-centric networking (ICN) architectures is both a challenging and critical problem. ICN architectures are content-oriented and location-independent, so a piece of content can be retrieved from multiple locations, and in many cases these locations are outside the administrative realm of the content owner. Implementing access control policies in this environment requires that storage nodes be capable of interpreting complex access control policies, or even business relationships and structures. In this paper we overcome this problem by leveraging verifiable credentials (VCs). VCs are a means of representing real-world credentials in the cyber world. VCs are machine-readable and self-verifiable. A user can prove that he/she is a VC holder by issuing an appropriate proof, which can be verified deterministically, without requiring any knowledge about the semantics or the business relationship behind a VC. With our solution, a content owner includes in an item’s metadata a VC “proof-request,” which represents the access control policy that protects this item. Any third party can use this proof-request, independently of the content owner, to perform user authorization in a secure and privacy-preserving way.