Policy based access control in dynamic grid-based collaborative environment

Proceedings of the 2006 International Symposium on Collaborative Technologies and Systems, CTS 2006

Volumn 2006, Issue , 2006, Pages 64-73

  Demchenko, Yuri ^a   Gommans, Leon ^a   De Laat, Cees ^a   Tokmakoff, Andrew ^b   Van Buuren, Rene ^b  

^a UNIVERSITY OF AMSTERDAM   (Netherlands)

^b TELEMATICA INSTITUUT   (Netherlands)

Author keywords

Grid based collaborative environment; Policy based access control; RBAC; SAML; Workflow; XACML

Indexed keywords

GRID-BASED COLLABORATIVE ENVIRONMENT; POLICY-BASED ACCESS CONTROL; RBAC; RESOURCE PROVISIONING; SAML; WORKFLOW; XACML;

DISTRIBUTED COMPUTER SYSTEMS; MATHEMATICAL MODELS; MIDDLEWARE; SECURITY OF DATA; VIRTUAL REALITY;

COMPUTER SUPPORTED COOPERATIVE WORK;

EID: 33845573353     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CTS.2006.59     Document Type: Conference Paper

References (25)

1. "Web Services Architecture". W3C Working Draft 8 August 2003. - http://www.w3.org/TR/ws-arch/
2. Foster, I. et al, "The Open Grid Services Architecture, Version 1.0", Global Grid Forum, 29 January 2005, available from http://www.gridforum.org/documents/GFD.30.pdf
3. Demchenko, Y., L. Gommans, C. de Laat, B. Oudenaarde, A. Tokmakoff, M. Snijders, "Job-centric Security model for Open Collaborative Environment," The 2005 International Symposium on Collaborative Technologies and Systems, Saint Louis, USA, May 15-19, 2005, Proceedings. IEEE Computer Society, ISBN: 0-7695-2387-0, pp. 69-77.
4. Zhiming Zhao et al, "Including the State of art scientific workflow management systems in an e-Science environment", available from http://staff.science.uva.nl/~zhiming/project/vl-e/ZhaoZ-UvA-e-Science-workflow- paper.pdf
5. "Web Services Business Process Execution Language. Version 2.0", OASIS Committee Draft, 21 December 2005, available from http://www.oasis-open.org/committees/download.php/16024/wsbpel-specification- draft-Dec-22-2005.htm
6. "Business Process Execution Language for Web Services version 1.1", Updated February 1, 2005. available from http://www-128.ibm.com/ developerworks/library/specification/ws-bpel/
7. Andrieux, A. et al, "Web Services Agreement Specification (WS-Agreement)," August 2004, available from https://forge.gridforum.org/ projects/graap-wg/document/WS-AgreementSpecification/
8. Grid Distributed Resource Management Application API (DRMAA), available from https://forge.gridforum.org/projects/drmaa-wg
9. Information Technology - Role Based Access Control, Document Number: ANSI/INCITS 359-2004, InterNational Committee for Information Technology Standards, 3 February 2004, 56 p.
10. Generic Authorization Authentication and Accounting. [Online]. Available: http://www.science.uva.nl/research/air/projects/aaa/
11. Laat de, C., G. Gross, L. Gommans, J. Vollbrecht, D. Spence, "Generic AAA Architecture," Experimental RFC 2903, Internet Engineering Task Force, August 2000. ftp://ftp.isi.edu/in-notes/rfc2903.txt
12. Vollbrecht, J., P. Calhoun, S. Farrell, L. Gommans, G. Gross, B. de Bruijn, C. de Laat, M. Holdrege, D. Spence, "AAA Authorization Framework," Informational RFC 2904, Internet Engineering Task Force, August 2000. ftp://ftp.isi.edu/in-notes/rfc2904.txt
13. GT 4.0: Security: Authorization Framework. [Online]. Available: http://www.globus.org/toolkit/docs/4.0/security/authzframe/
14. Welsh, V. et al, "Use of SAML for OGSI Authorization", GGF Draft, August 15, 2005, available from https://forge.gridforum.org/projects/ ogsa-authz
15. gLite Security Subsystem. [Online]. Available: http://glite.web.cern.ch/ glite/security/
16. Godik, S. et al, "extensible Access Control Markup Language (XACML) Version 2.0", OASIS Working Draft 04, 6 December 2004, available from http://docs.oasis-open.org/xacml/access_control-xacml-2_0-core-spec-cd-04.pdf
17. "Core and hierarchical role based access control (RBAC) profile of XACML v2.0", OASIS Standard, 1 February 2005, available from http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-rbac-profile1- spec-os.pdf
18. "Hierarchical resource profile of XACML 2.0", OASIS Standard, 1 February 2005, available from http://docs.oasis-open.org/xacml/access_control- xacml-2.0-hier_profile-spec-cd-01.pdf
19. "Multiple resource profile of XACML 2.0", OASIS Standard, 1 February 2005, available from http://docs.oasis-open.org/xacml/access_control- xacml-2.0-mult_profile-spec-cd-01.pdf
20. Cantor, S. et al, "Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0," Committee Draft 04, 14 January 2005, available from http://www.oasis-open.org/committees/download.php/10627/ sstc-saml-core-2.0-cd-03.pdf
21. Anderson, A. et al, "SAML 2.0 profile of XACML," OASIS Committee Draft 02, 11 November 2004, available from http://docs.oasis-open.org/ xacml/access_control-xacml-2.0-saml_profile-spec-cd-02.pdf
22. Demchenko, Y., et al., "VO-based Dynamic Security Associations in Collaborative Grid Environment," The 2006 International Symposium on Collaborative Technologies and Systems, Las Vegas, NV, USA, May 14-18,2006, Accepted.
23. Shibboleth Project. [Online]. Available: http://shibboleth.internet2.edu/
24. GridShib - A Policy Controlled Attribute Framework. [Online]. Available: http://grid.ncsa.uiuc.edu/GridShib/
25. Virtual Organisation Membership Service (VOMS). [Online]. Available: http://infnforge.can.infn.it/voms/