Dynamic security context management in Grid-based applications
Future Generation Computer Systems
An Annotation-Based Access Control Model and Tools for Collaborative Information Spaces
WSKS '08 Proceedings of the 1st world summit on The Knowledge Society: Emerging Technologies and Information Systems for the Knowledge Society
Using Workflow for Dynamic Security Context Management in Grid-based Applications
GRID '06 Proceedings of the 7th IEEE/ACM International Conference on Grid Computing
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Annotation-based access control for collaborative information spaces
Computers in Human Behavior
FENCE: continuous access control enforcement in dynamic data stream environments
Proceedings of the third ACM conference on Data and application security and privacy
Hi-index | 0.00 |
This paper describes the design and development of a flexible, customer-driven, security infrastructure for Gridbased Collaborative Environments. The paper proposes further development of the access control model built around a service or resource provisioning agreement (e.g., an experiment or project) that is used as a basis for an instant access control policy definition and virtual association of users and resources. Workflow management technology is considered as a solution for dynamic security context management during the lifetime of an experiment. The paper analyses the required functionality and suggests extensions to the generic AAA Authorisation framework in order to support complex collaboration scenarios in dynamic virtualised environments. The paper provides implementation details on the use of XACML for fine-grained access control policy definition for complex resources and team-based role management, and SAML for secure credentials exchange. In addition, the paper discusses how the Virtual Organisations (VO) concept can be used for experiment-based dynamic security association management. The proposed technical solutions are intended to be compatible and interoperable with the current implementation of the Grid security middleware in the Globus Toolkit and gLite. The paper is based on experiences gained from major Grid-based and Gridoriented projects in collaborative applications and complex resource provisioning.