Performing delegation in large-scale, dynamic and distributed environments with large numbers of shared resources is more challenging than inside local administrative domains. In dynamic environments like Grids, on one hand, delegating a restricted set of rights reduces exposure to attack but also limits the flexibility and dynamism of the application; on the other hand, delegating all rights provides maximum flexibility but increases exposure. This issue has not yet been adequately addressed by current Grid security mechanisms and is becoming a very challenging and crucial issue for future Grid development. Therefore, providing an effective delegation mechanism that meets the requirements of the least privilege principle is becoming an essential need. Furthermore, we are witnessing a phenomenal increase in the automation of organizational tasks and decision making, as well as the computerization of information-related services, requiring automated delegation mechanisms. To meet these requirements, we introduce an Active Delegation Framework which extends our previous work on on-demand delegation, making it context-aware. The framework provides a just-in-time, restricted and dynamic delegation mechanism for Grids. In this paper we describe the development of this framework and its implementation and integration with the Globus Toolkit.