An Approach to Identity Management for Service Centric Systems
ServiceWave '08 Proceedings of the 1st European Conference on Towards a Service-Based Internet
Global-scale peer-to-peer file services with DFS
GRID '07 Proceedings of the 8th IEEE/ACM International Conference on Grid Computing
A trust degree based access control in grid environments
Information Sciences: an International Journal
DPMF: A policy management framework for heterogeneous authorization systems in grid environments
Multiagent and Grid Systems - Content management and delivery through P2P-based content networks
Virtual environments: framework for virtualized resource access in the grid
Euro-Par'06 Proceedings of the CoreGRID 2006, UNICORE Summit 2006, Petascale Computational Biology and Bioinformatics conference on Parallel processing
Semantic-based authorization architecture for Grid
Future Generation Computer Systems
Churn tolerant virtual organization file system for grids
PPAM'09 Proceedings of the 8th international conference on Parallel processing and applied mathematics: Part II
Provenance security guarantee from origin up to now in the e-Science environment
Journal of Systems Architecture: the EUROMICRO Journal
Shibboleth and community authorization services: enabling role-based grid access
ICA3PP'11 Proceedings of the 11th international conference on Algorithms and architectures for parallel processing - Volume Part II
Future Generation Computer Systems
Hi-index | 0.00 |
A Grid system is a Virtual Organization that is composed of several autonomous domains. Authorization in such a system needs to be flexible and scalable to support multiple security policies. Basing on the Web Services security specifications such as XACML, SAML, and the special security needs of the Grid computing, we have constructed an authorization framework in the Globus Toolkit 4 that can support multiple policies. This paper describes the concepts of our design and introduces the structure and the components of the authorization framework. To show the flexibility and scalability of the framework, we introduce a new blacklist/whitelistbased authorization mechanism that can be seamlessly integrated into the framework.