Proceedings of the 4th symposium on Usable privacy and security
A secure collaborative web-based environment for virtual organisations
International Journal of Web Based Communities
Dynamic VO Establishment in Distributed Heterogeneous Business Environments
ICCS 2009 Proceedings of the 9th International Conference on Computational Science
An advanced policy based authorisation infrastructure
Proceedings of the 5th ACM workshop on Digital identity management
Instant certificate revocation and publication using WebDAV
Journal of Computer Security - The 2007 European PKI Workshop: Theory and Practice (EuroPKI'07)
Semantic-based authorization architecture for Grid
Future Generation Computer Systems
Adjustable autonomy for cross-domain entitlement decisions
Proceedings of the 3rd ACM workshop on Artificial intelligence and security
Enforcing end-to-end application security in the cloud (big ideas paper)
Proceedings of the ACM/IFIP/USENIX 11th International Conference on Middleware
Idea: efficient evaluation of access control constraints
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Formalisation and implementation of the XACML access control mechanism
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Deploy, adjust and readjust: supporting dynamic reconfiguration of policy enforcement
Middleware'11 Proceedings of the 12th ACM/IFIP/USENIX international conference on Middleware
A privacy preserving authorisation system for the cloud
Journal of Computer and System Sciences
Application of self-adaptive techniques to federated authorization models
Proceedings of the 34th International Conference on Software Engineering
Enabling the autonomic management of federated identity providers
AIMS'13 Proceedings of the 7th IFIP WG 6.6 international conference on Autonomous Infrastructure, Management, and Security: emerging management mechanisms for the future internet - Volume 7943
Authorization infrastructures manage privileges and render access control decisions, allowing applications to adjust their behavior according to the privileges allocated to users. This paper describes the PERMIS role-based authorization infrastructure along with its conceptual authorization, access control, and trust models. PERMIS has the novel concept of a credential validation service, which verifies a user's credentials prior to access control decision-making and enables the distributed management of credentials. PERMIS also supports delegation of authority; thus, credentials can be delegated between users, further decentralizing credential management. Finally, PERMIS supports history-based decision-making, which can be used to enforce such aspects as separation of duties and cumulative use of resources. Details of the design and the implementation of PERMIS are presented along with details of its integration with Globus Toolkit, Shibboleth, and GridShib. A comparison of PERMIS with other authorization and access control implementations is given, along with suggestions where future research and development are still needed. Copyright © 2008 John Wiley & Sons, Ltd.