Role-Based Access Control Models
Computer
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
On specifying security policies for web documents with an XML-based language
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Role-based access control on the web
ACM Transactions on Information and System Security (TISSEC)
ACM SIGAda Ada Letters
Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations
Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations
Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure
Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure
Authorization and Attribute Certificates for Widely Distributed Access Control
WETICE '98 Proceedings of the 7th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
RBAC Policies in XML for X.509 Based Privilege Management
SEC '02 Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives
Requirements for Policy Languages for Trust Negotiation
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
XML-Based Distributed Access Control System
EC-WEB '02 Proceedings of the Third International Conference on E-Commerce and Web Technologies
Walden: A Scalable Solution for Grid Account Management
GRID '04 Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing
X-RDR: a role-based delegation processor for web-based information systems
ACM SIGOPS Operating Systems Review
From gridmap-file to VOMS: managing authorization in a Grid environment
Future Generation Computer Systems - Special issue: High-speed networks and services for data-intensive grids: The DataTAG project
Ticket-based fine-grained authorization service in the dynamic VO environment
SWS '04 Proceedings of the 2004 workshop on Secure web service
Proceedings of the 3rd ACM workshop on Secure web services
Providing secure coordinated access to grid services
Proceedings of the 4th international workshop on Middleware for grid computing
A framework model for grid security
Future Generation Computer Systems
Resource management for global public computing: many policies are better than (n)one
WORLDS'06 Proceedings of the 3rd conference on USENIX Workshop on Real, Large Distributed Systems - Volume 3
Coordinated decision making in distributed applications
Information Security Tech. Report
Supporting UK-wide e-clinical trials and studies
Proceedings of the 15th ACM Mardi Gras conference: From lightweight mash-ups to lambda grids: Understanding the spectrum of distributed computing requirements, applications, tools, infrastructures, interoperability, and the incremental adoption of key capabilities
Patterns for session-based access control
Proceedings of the 2006 conference on Pattern languages of programs
Formal Model for Contract Negotiation in Knowledge-Based Virtual Organizations
ICCS '08 Proceedings of the 8th international conference on Computational Science, Part III
A Novel Automated Trust Negotiation Framework for Securing Grids
Computer Supported Cooperative Work in Design IV
Fine-grained access control for GridFTP using SecPAL
GRID '07 Proceedings of the 8th IEEE/ACM International Conference on Grid Computing
Shibboleth-based Access to and Usage of Grid Resources
GRID '06 Proceedings of the 7th IEEE/ACM International Conference on Grid Computing
An Account Policy Model for Grid Environments
GPC '09 Proceedings of the 4th International Conference on Advances in Grid and Pervasive Computing
A Clinical Grid Infrastructure Supporting Adverse Hypotensive Event Prediction
CCGRID '09 Proceedings of the 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid
Authorisation infrastructure for on-demand network resource provisioning
GRID '08 Proceedings of the 2008 9th IEEE/ACM International Conference on Grid Computing
A flexible delegation processor for web-based information systems
Computer Standards & Interfaces
Enhancing privacy and authorization control scalability in the grid through ontologies
IEEE Transactions on Information Technology in Biomedicine
Building the PolarGrid portal using web 2.0 and OpenSocial
Proceedings of the 5th Grid Computing Environments Workshop
From gridmap-file to VOMS: managing authorization in a Grid environment
Future Generation Computer Systems - Special issue: High-speed networks and services for data-intensive grids: The DataTAG project
A layered Virtual Organization architecture for grid
The Journal of Supercomputing
A role and attribute based access control system using semantic web technologies
OTM'07 Proceedings of the 2007 OTM Confederated international conference on On the move to meaningful internet systems - Volume Part II
A PMI-aware extension for the SSH service
PPAM'07 Proceedings of the 7th international conference on Parallel processing and applied mathematics
On usage control for GRID systems
Future Generation Computer Systems
A conceptual model for attribute aggregation
Future Generation Computer Systems
SecPAL: Design and semantics of a decentralized authorization language
Journal of Computer Security - Digital Identity Management (DIM 2007)
Retelab: A geospatial grid web laboratory for the oceanographic research community
Future Generation Computer Systems
Shibboleth and community authorization services: enabling role-based grid access
ICA3PP'11 Proceedings of the 11th international conference on Algorithms and architectures for parallel processing - Volume Part II
Integrating legacy authorization systems into the grid: a case study leveraging azman and ADAM
ICCS'06 Proceedings of the 6th international conference on Computational Science - Volume Part I
Attribute-Based authentication and authorisation infrastructures for e-commerce providers
EC-Web'06 Proceedings of the 7th international conference on E-Commerce and Web Technologies
GPC'10 Proceedings of the 5th international conference on Advances in Grid and Pervasive Computing
Experiences of applying advanced grid authorisation infrastructures
EGC'05 Proceedings of the 2005 European conference on Advances in Grid Computing
Semantic access control model: a formal specification
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
A standards-based interoperable single sign-on framework in ARC Grid middleware
Journal of Network and Computer Applications
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Policy-Based vulnerability assessment for virtual organisations
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
Ubiquitous-City Integrated Authentication System (UCIAS)
Journal of Intelligent Manufacturing
| Hi-index | 0.00 |
This paper describes the ECPERMIS project, which has developed a role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users' roles. All access control decisions are driven by an authorisation policy, which is itself stored in an X.509 AC, thus guaranteeing its integrity. All the ACs can be stored in one or more LDAP directories, thus making them widely available. Authorisation policies are written in XML according to a DTD that has been published at XML.org. The Access Control Decision Function (ADF) is written in Java and the Java API is simple to use, comprising of just three methods and a constructor. There is also a Privilege Allocator, which is a tool that constructs and signs ACs and stores them in an LDAP directory for subsequent use by the ADF.