PERMIS: A modular authorization infrastructure

Concurrency and Computation: Practice and Experience

Volumn 20, Issue 11, 2008, Pages 1341-1357

  Chadwick, David ^a   Zhao, Gansen ^b   Otenko, Sassa ^b   Laborde, Romain ^c   Su, Linying ^a   Nguyen, Tuan Anh ^a  

^a UNIVERSITY OF KENT   (United Kingdom)

^b ORACLE CORPORATION   (United States)

^c IRIT   (France)

Author keywords

Access control decisions; Authorization infrastructure; Grid security; PDP

Indexed keywords

DECISION MAKING;

ACCESS CONTROL DECISIONS; AUTHORIZATION AND ACCESS CONTROL; AUTHORIZATION INFRASTRUCTURE; CREDENTIAL MANAGEMENT; DELEGATION OF AUTHORITY; DISTRIBUTED MANAGEMENT; GRID SECURITY; RESEARCH AND DEVELOPMENT;

ACCESS CONTROL;

EID: 49149113425     PISSN: 15320626     EISSN: 15320634     Source Type: Journal    
DOI: 10.1002/cpe.1313     Document Type: Conference Paper

References (30)

1. Chadwick DW, Otenko A. The PERMIS X.509 role based privilege management infrastructure. Future Generation Computer Systems 2002; 936:1-13.
2. Security frameworks for open systems: Access control framework. ITU-T Rec X.812, 1995|ISO/IEC 10181-3, 1996.
3. Ferraiolo DF, Sandhu R, Gavrila S, Kuhn DR, Chandramouli R. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security 2001; 4(3):224-274.
4. Zhang N, Yao L, Nenadic A, Chin J, Goble C, Rector A, Chadwick D, Otenko S, Shi Q. Achieving fine-grained access control in virtual organisations. Concurrency and Computation: Practice and Experience 2007; 19(9): 1333-1352.
5. OASIS. Security Assertion Markup Language (SAML) 2.0 Specification. OASIS, November 2004, see http://www.oasis-open.org/ committees/tc_home.php?wg_abbrev=security.
6. Alfieri R, Cecchini R, Ciaschini V, Dell'Agnello L, Frohner A, Lorentey K, Spataro F. From gridmap-file to VOMS: managing authorization in a Grid environment. Future Generation Computer Systems 2005; 21(4):549-558.
7. The directory: Public-key and attribute certificate frameworks, ISO 9594-8/ITU-T Rec. X.509. 2001.
8. Barton T, Basney J, Freeman T, Scavo T, Siebenlist F, Welch V, Ananthakrishnan R, Baker B, Keahey K. Identity federation and attribute-based authorization through the globus toolkit, Shibboleth, Gridshib, and MyProxy. Fifth Annual PKI R&D Workshop, Gaitherburg, U.S.A., April 2006. Available from http://middleware.internet2.edu/pki06/proceedings/ welchidfederation.pdf.
9. For the Shintau Project, see http://sec.cs.kent.ac.uk/shintau [17 February 2008].
10. Chadwick DW, Su L, Laborde R. Coordinating access control in grid services. Concurrency and Computation: Practice and Experience 2007; DOI: 10.1002/cpe.1284.
11. Chadwick DW, Xu W, Otenko S, Laborde R, Nasser B. Multi-session separation of duties (MSoD) for RBAC. First International Workshop on Security Technologies for Next Generation Collaborative Business Applications (SECOBAP'07), Istanbul, Turkey, 16-20 April 2007.
12. Brostoff S, Sasse MA, Chadwick D, Cunningham J, Mbanaso U, Otenko S. R-What? Development of a role-based access control (RBAC) policy-writing tool for e-scientists. Software - Practice and Experience 2005; 35(9):835-856.
13. Chadwick DW, Anthony S. Using WebDAV for improved certificate revocation and publication. Public Key Infrastructure. (Lecture Notes in Computer Science, vol. 4582). Proceedings of 4th European PKI Workshop, Palma de Mallorca, Spain. Springer: Berlin, June 2007; 265-279.
14. The directory: Public-key and attribute certificate frameworks, ISO 9594-8/ITU-T Rec. X.509. 2005.
15. Chadwick DW. Delegation issuing service. NIST 4th Annual PKI Workshop, Gaithersburg, U.S.A., 19-21 April 2005.
16. Sun's XACML Implementation. http://sunxacml.sourceforge.net/ [17 February 20081.
17. Foster I. Globus toolkit version 4: Software for service-oriented systems. IFIP International Conference on Network and Parallel Computing (Lecture Notes in Computer Science, vol. 3779). Springer: Berlin, 2005; 2-13.
18. Welch V, Ananthakrishnan R, Siebenlist F, Chadwick D, Meder S, Pearlman L. Use of SAML for OGSI authorization. GFD.66. March 2006.
19. Chadwick D, Otenko S, Welch V. Using SAML to link the GLOBUS toolkit to the PERMIS authorization infrastructure. Proceedings of Eighth Annual IFIP TC-6 TC-11 Conference on Communications and Multimedia Security, Windermere, U.K., September 2004.
20. OASIS. XACML 2.0 Core: eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS. October 2005, see http://www.oasis-open.org/committees/ tc_home.php?wg_abbrev=xacml.
21. Cantor S. Shibboleth architecture, protocols and profiles. Working Draft, 10 September 2005. Available at: http://shibboleth.internet2.edu/ shibboleth-documents.html [17 February 2008].
22. Xu W, Chadwick D, Otenko S. Development of a flexible PERMIS authorization module for Shibboleth and Apache server. Proceedings of 2nd EuroPKI Workshop (Lecture Notes in Computer Science, vol. 3545), University of Kent, July 2005; 162-179. DOI: 10.1007/11533733.11.
23. Chadwick DW, Novikov A. Otenko A. GridShib and PERMIS integration. Campus-Wide Information Systems 2006; 23(4):297-308. ISSN: 1065-0741.
24. Manandhar A, Drinkwater G, Tyer R, Kleese K. Authorization framework in Grid environment. Proceedings of Communication. Network, and Information Security (CNIS 2003), New York, U.S.A., December 2003. Available from http://www.actapress.com/Abstract.aspx?paperId=20408.
25. OASIS. XACML v3.0 Administrative policy version 1.0. Working Draft 16, 22 February 2007.
26. Foster I, Kesselman C, Pearlman L, Tuecke S, Welch V. The community authorization service: Status and future. Proceedings of Computing in High Energy Physics 03 (CHEP '03), La Jolla, CA, 2003.
27. Ellison C, Frantz B, Lampson B, Rivest R, Thomsa B, Ylonen T. SPKI certificate theory. RFC 2693, September 1999.
28. Steenbakkers M. Guide to LCAS v. 1.1.16. September 2003. http://www.dutchgrid.nl/DataGrid/wp4/lcas/edg-lcas-1.1 [17 February 2008].
29. Blaze M, Feigenbaum J, Ioannidis J, Keromytis A. The KeyNote trust management system version 2. RFC 2704, September 1999.
30. For the VPMan Project. http://sec.cs.kent.ac.uk/vpman [17 February 2008].