A Delegation Logic Based Authorization Mechanism for Virtual Organizations

Authors:
Chunhua Gu;Xueqin Zhang;Guoxin Song
Affiliations:
College of Information Science and Engineering in East China University of Science and Technology, Shanghai, China;College of Information Science and Engineering in East China University of Science and Technology, Shanghai, China;College of Information Science and Engineering in East China University of Science and Technology, Shanghai, China
Venue:
Proceedings of the 2005 conference on Applied Public Key Infrastructure: 4th International Workshop: IWAP 2005
Year:
2005

Citing 10
Cited 0

Role-Based Access Control Models

Computer
SecureFlow: a secure Web-enabled workflow management system

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
An access control framework for multi-user collaborative environments

GROUP '99 Proceedings of the international ACM SIGGROUP conference on Supporting group work
Access control mechanisms for inter-organizational workflow

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Delegation logic: A logic-based approach to distributed authorization

ACM Transactions on Information and System Security (TISSEC)
Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management

Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
An Authorization Model for Workflows

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Virtual enterprise networks: the next generation of secure enterprise networking

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
The Anatomy of the Grid: Enabling Scalable Virtual Organizations

International Journal of High Performance Computing Applications
Task-Based access control for virtual organizations

FIDJI'04 Proceedings of the 4th international conference on Scientific Engineering of Distributed Java Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Because of the new business trends such as cooperating, downsizing and resource sharing, the use of virtual organization (VO) is gaining increasing importance as a model for building large-scale business information systems. Authorization is essential in VO in order to control the access to shared resources. But authorization in VO is challenging because the participants of VO need to collaborate in a distributed, dynamic and heterogeneous environment, and accordingly the access control policies are complex. A delegation logic based authorization mechanism is put forward in this paper. Our proposed approach translates the access requests, credentials and access policies into unified delegation logic rules. Based on the calculation on those rules, the access decision is made. We introduce the concept of Access Unit (AU), which wraps the AC system of a task. The rule exchange interface of AU is defined. The main contribution of this paper is that it suggests a practical mechanism for implementing authorization for VO. In essence, we propose an approach to enforce RBAC in VO based on task/project structure.