A Knowledge-Based Approach to Internet Authorizations
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
A theorem on grid access control
Journal of Computer Science and Technology - Grid computing
Access control in semantic grid
Future Generation Computer Systems - Special issue: Semantic grid and knowledge grid: the next-generation web
| Hi-index | 0.00 |
One of the most difficult problems to be solved by metacomputing systems is to ensure strong authentication and authorization. The problem is complicated since the hosts involved in a metacomputing environment often span multiple administrative domains, each with its own security policy. This paper presents a distributed authorization model used by our resource allocation system, the Prospero Resource Manager.The main components of our design are Extended Access Control Lists, EACLs, and a General Authorization and Access API, GAA API. EACLs extend conventional ACLs to allow conditional restrictions on access rights. In the case of the Prospero Resource Manager, specific restrictions include limits on the computational resources to be consumed and on the characteristics of the applications to be executed by the system, such as name, version or endorser. The GAA API provides a general framework for applications to access the EACLs. We have built a prototype of the system.