An authorization framework for metacomputing applications

Authors:
T. V. Ryutov;G. Gheorghiu;B. C. Neuman
Affiliations:
Information Sciences Institute, University of Southern California, 4676 Admiralty Way, Suite 1001, Marina del Rey, CA 90292, USA;Information Sciences Institute, University of Southern California, 4676 Admiralty Way, Suite 1001, Marina del Rey, CA 90292, USA;Information Sciences Institute, University of Southern California, 4676 Admiralty Way, Suite 1001, Marina del Rey, CA 90292, USA
Venue:
Cluster Computing
Year:
1999

Citing 7
Cited 5

Access control for collaborative environments

CSCW '92 Proceedings of the 1992 ACM conference on Computer-supported cooperative work
A calculus for access control in distributed systems

ACM Transactions on Programming Languages and Systems (TOPLAS)
A framework for distributed authorization

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
The grid: blueprint for a new computing infrastructure

The grid: blueprint for a new computing infrastructure
The Performance of a Reliable, Request-Response Transport Protocol

ISCC '99 Proceedings of the The Fourth IEEE Symposium on Computers and Communications
The CRISIS wide area security architecture

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Resource access control for an internet user agent

COOTS'97 Proceedings of the 3rd conference on USENIX Conference on Object-Oriented Technologies (COOTS) - Volume 3

Supporting Secure Ad-hoc User Collaboration in Grid Environments

GRID '02 Proceedings of the Third International Workshop on Grid Computing
Toward Realizable Restricted Delegation in Computational Grids

HPCN Europe 2001 Proceedings of the 9th International Conference on High-Performance Computing and Networking
Certificate-based authorization policy in a PKI environment

ACM Transactions on Information and System Security (TISSEC)
The PRIMA System for Privilege Management, Authorization and Enforcement in Grid Environments

GRID '03 Proceedings of the 4th International Workshop on Grid Computing
Access control for a replica management database

Proceedings of the second ACM workshop on Storage security and survivability

Quantified Score

Hi-index	0.00

Visualization

Abstract

To span administrative boundaries, metacomputing systems require the integration of strong authentication and authorization methods. The problem is complicated because different components of the system may have different security policies. This paper presents a distributed model for authorization that we have integrated with the Prospero Resource Manager, a metacomputing resource allocation system developed at USC. The integration of authorization with PRM was accomplished through the specification of a policy language and the use of a Generic Authorization and Access-control API (GAA API). The language supports the specification of diverse authorization policies including ACLs, capabilities and lattice-based access controls. The GAA API provides a uniform authorization service interface for facilitating access control decisions and requesting authorization information about a particular resource. We describe a prototype of our system.