Grids are intended to enable cross-organizational interactions, which makes Grid security a challenging and non-trivial issue. In Grids, delegation is a key facility that can be used to authenticate and authorize requests on behalf of disconnected users. In current Grid systems there is a trade-off between flexibility and security in the context of delegation. Applications must choose between limited or full delegation: on the one hand, delegating a restricted set of rights reduces exposure to attack but also limits the flexibility and dynamism of the application; on the other hand, delegating all rights provides maximum flexibility but increases exposure. In this paper, we propose an on-demand restricted delegation mechanism, aimed at addressing the shortcomings of current delegation mechanisms by providing restricted delegation in a flexible fashion, as needed by Grid applications. This mechanism provides an ontology-based solution for tackling one of the most challenging issues in security systems, the principle of least privilege. It utilizes a callback mechanism, which allows on-demand provisioning of delegated credentials in addition to observing, screening, and auditing delegated rights at runtime. This mechanism supports generating delegation credentials with a very limited and well-defined range of capabilities or policies, where a delegator is able to grant a delegatee a set of restricted and limited rights, implicitly or explicitly.