Using SAML and XACML for Complex Resource Provisioning in Grid Based Applications
POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
Proceedings of the 6th international workshop on Middleware for grid computing
Authorisation infrastructure for on-demand network resource provisioning
GRID '08 Proceedings of the 2008 9th IEEE/ACM International Conference on Grid Computing
Hi-index | 0.00 |
Policy definition is an important component of the consistent authorisation service infrastructure that could be effectively integrated with the general resource provisioning workflow and network control and management plane. The paper describes the proposed XACML-NRP policy and attributes profile for Network Resource Provisioning. In addition to specifying a set of subject, resource, action attributes that are required for consistent XACML policy definition, the proposed profile allows also handling network path information what is especially important for QoS enforcement. To overcome stateless character of XACML policies, the proposed authorisation infrastructure provides a number of security mechanisms to support such important for NRP functionality as authorisation session and interdomain security context management, simple delegation, conditional authorisation decisions, and policy obligations handling.