Classical authentication and authorization in grid environments can become a user management issue due to the flat nature of credentials based on X.509 certificates. While such credentials are able to identify user affiliations, systems built on them typically leave out a crucial aspect of user management and resource allocation: privilege levels. Shibboleth-based authentication mechanisms facilitate the secure communication of such user attributes within a trust federation. This paper describes a role-based access control framework that exploits Shibboleth attribute handling and CAS (Community Authorization Services) within a Grid environment. Users are able to obtain appropriate access levels to resources outside of their domain on the basis of their native privileges and resource policies. The paper also discusses issues of security and manageability.