Name
Abstract | ||
|---|---|---|
An attribute-based authorization infrastructure developed for the Open Science Grid is presented. The infrastructure integrates existing identity-mapping and group-membership service using concepts prototyped in the PRIMA system. Authorization scenarios for requests to compute and data resources are detailed. A new SAML obligated authorization decision statement is introduced that attaches an XACML obligation to the authorization decision. The use of obligations enables site-centralized, service-independent policy management. Authorization decisions are enforced via a Workspace Service that creates constrained execution environments configured in accordance with the obligations and other attribute-based information. Finally, an experimental PRIMA authorization service that extends and simplifies the infrastructure is described. |
Year | DOI | Venue |
|---|---|---|
2005 | 10.1109/GRID.2005.1542719 | GRID |
Keywords | Field | DocType |
authorisation,grid computing,natural sciences computing,open systems,Open Science Grid,PRIMA authorization service,SAML obligated authorization decision statement,Workspace Service,XACML obligation,account management,attribute-based authorization infrastructure,data resources,group membership,identity mapping,service-independent policy management,site-centralized policy management | Obligation,Grid computing,Workspace,Computer security,Computer science,XACML,Open science,Open system (systems theory),Database,Grid,Authorization certificate | Conference |
ISBN | Citations | PageRank |
0-7803-9492-5 | 9 | 0.87 |
References | Authors | |
5 | 8 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| M. Lorch | 1 | 72 | 5.54 |
| D. Kafura | 2 | 79 | 6.62 |
| I. Fisk | 3 | 74 | 9.64 |
| K. Keahey | 4 | 194 | 52.01 |
| G. Carcassi | 5 | 9 | 0.87 |
| T. Freeman | 6 | 786 | 74.19 |
| T. Peremutov | 7 | 9 | 0.87 |
| A. S. Rana | 8 | 9 | 0.87 |