A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Using events to build large scale distributed applications
EW 7 Proceedings of the 7th workshop on ACM SIGOPS European workshop: Systems support for worldwide applications
Using events to build large scale distributed applications
EW 7 Proceedings of the 7th workshop on ACM SIGOPS European workshop: Systems support for worldwide applications
Resource management for global public computing: many policies are better than (n)one
WORLDS'06 Proceedings of the 3rd conference on USENIX Workshop on Real, Large Distributed Systems - Volume 3
| Hi-index | 0.00 |
There is a developing need for applications and distributed services to cooperate or inter-operate. Current mechanisms can hide the heterogeneity of host operating systems and abstract the issues of distribution and object location. However, in order for systems to inter-operate securelythere must also be ways to hide differences in security policies, or at least to support negotiation between them.Other proposals for the interworking of security mechanisms have focussed on the enforcement of access policy at the expense of flexibility of expression of policy. This work describes a new architectural approach to security. The key idea is that a processis the universal client entity; a process may act on behalf of an identified individual as in traditional security schemes. More generally, a process may adopt an application-specific name or role, and this is used as the basis for authentication in Oasis. A service may then be written in terms of service-specific categories of clients, decoupled from the mechanisms used to specify and enforce access control policy.This approach allows great flexibility when integrating a number of services, and reduces the mismatch of policies that is common in heterogeneous systems. In addition, Oasis services may be integrated with alternative authentication and access control schemes, providing a truly open architecture.A flexible security definition is meaningless if not backed by a robust and efficient implementation. Oasis has been fully implemented, and is inherently distributed and scalable. In this paper we describe the general approach then concentrate on revocation, where security designs are most often criticised. Oasis is unique in supporting the rapid and selective revocation of privileges which can cascade between services and organisations.