The major emphasis of public key infrastructure has been to provide a cryptographically secure means of authenticating identities. However, procedures for authorizing the holders of these identities to perform specific actions still need additional research and development. While there are a number of proposed standards for authorization structures and protocols, such as KeyNote, SPKI, and SAML, based on X.509 or other key-based identities, none have been widely adopted. As part of an effort to use X.509 identities to provide authorization in highly distributed environments, we have developed and deployed an authorization service based on X.509-identified users and access policy contained in certificates signed by X.509-identified stakeholders. The major goal of this system, called Akenti, is to produce a usable authorization system for an environment consisting of distributed resources used by geographically and administratively distributed users. Akenti assumes that users and resources communicate over a secure protocol such as Transport Layer Security (TLS), which provides mutual authentication with X.509 certificates. This paper explains the authorization model and policy language used by Akenti, and how we have implemented an Apache authorization module to provide Akenti authorization.