Grid access control policy languages today are generally one of two extremes: either extremely simplistic, or overly complex and challenging for even security experts to use. In this paper, we explicitly identify requirements for an access control policy language for Grid data and then consider six specific data access use-cases that have been problematic in today’s Grids: attribute-based access, role-based access, “role-deny” access, impersonation-based access, delegation-based access, and capability-based access. We evaluate the Security Policy Assertion Language (SecPAL) against those requirements, specifically in the context of these six use-cases involving GridFTP.NET. While some of these six use-cases are individually possible via existing Grid authorization systems, we believe that SecPAL uniquely offers a single approach that meets the requirements of a Grid access control policy language, thereby creating support for a wide range of expanded scenarios for Grid data access.