In this paper, we propose a new role-based access control (RBAC) system for Grid data resources in the Open Grid Services Architecture Data Access and Integration (OGSA-DAI). OGSA-DAI is a widely used framework for integrating data resources in Grids. However, OGSA-DAI's identity-based access control causes substantial administration overhead for the resource providers in virtual organizations (VOs) because of the direct mapping between individual Grid users and the privileges on the resources. To solve this problem, we used Shibboleth, an attribute authorization service, to support RBAC within OGSA-DAI. In addition, access control policies need to be specified and managed across multiple VOs. For the specification of access control policies, we used the Core and Hierarchical RBAC profile of the eXtensible Access Control Markup Language (XACML), and for distributed administration of those policies and the user-role assignments, we used the Object, Metadata and Artifacts Registry (OMAR). OMAR is based on the e-business eXtensible Markup Language (ebXML) registry specifications developed to achieve interoperable registries and repositories. Our RBAC system provides scalable and fine-grained access control and allows privacy protection. It also supports dynamic delegation of rights and user-role assignments, and reduces the administration overhead for the resource providers because they need to maintain only the mapping information from VO roles to local database roles. Moreover, unnecessary mapping and connections can be avoided by denying invalid requests at the VO level. Performance analysis shows that our RBAC system adds only a small overhead to the existing security infrastructure of OGSA-DAI.