Building a Modular Authorization Infrastructure

Part of book or chapter of book English OPEN
Chadwick, David W. ; Zhao, Gansen ; Otenko, Sassa ; Laborde, Romain ; Su, Linying ; Nguyen, Tuan Anh (2006)
  • Subject: QA76
    acm: Software_OPERATINGSYSTEMS

Authorization infrastructures manage privileges and render access control decisions, allowing applications to adjust their behavior according to the privileges allocated to users. This paper describes the PERMIS role based authorization infrastructure along with its conceptual authorisation, access control, and trust models. PERMIS has the novel concept of a credential validation service, which verifies a user’s credentials prior to access control decision making and enables the distributed management of credentials. Details of the design and the implementation of PERMIS are presented along with details of its integration with Globus Toolkit, Shibboleth and GridShib. A comparison of PERMIS with other authorization and access control implementations is given, along with our plans for the future.