High-performance Grid applications require a high-speed network infrastructure that is capable of providing network connectivity services on demand. This paper presents results of the development of the Authorisation (AuthZ) infrastructure for on-demand multidomain network resource provisioning (NRP). We propose a general Complex Resource Provisioning (CRP) model that can be used as a basis for AuthZ infrastructure development, providing a common abstraction for provisioning both network and Grid resources. This model allows common policy expressions and the use of single sign-on user credentials when requesting and accessing complex Grid-Network resources. The implementation described is based on the generic AAA Authorisation Framework (GAAA-AuthZ) and suggests a number of security mechanisms and components that extend GAAA-AuthZ to achieve consistent policy enforcement and security context management: a Token Validation Service (TVS), an AuthZ ticket used for AuthZ session management, a special XACML profile for NRP, and a reference model for policy obligations handling (OHRM). The proposed infrastructure and solutions are being implemented in the framework of the EU project Phosphorus and draw on the authors' experience gained from major Grid-based and Grid-oriented projects.