Abstract |
---|
An attribute-based authorisation infrastructure developed for the Open Science Grid (OSG) is presented. The infrastructure integrates existing identity-mapping and group-membership services using concepts prototyped in the PRIMA system. Authorisation scenarios for requests to compute and data resources are detailed. A new SAML obligated authorisation decision statement is introduced that attaches an XACML obligation to the authorisation decision. The use of obligations enables site-centralised, service-independent policy management. Authorisation decisions are enforced via a Workspace Service that creates constrained execution environments configured in accordance with the obligations and other attribute-based information. Finally, an experimental PRIMA authorisation service that extends and simplifies the infrastructure is described. |
Year | DOI | Venue |
---|---|---|
2008 | 10.1504/IJHPCN.2008.020859 | IJHPCN |
Keywords | Field | DocType |
attribute-based authorisation infrastructure, attribute-based information, prima system, authorisation decision statement, workspace service, open science grid, experimental prima authorisation service, identity mapping service, authorisation scenario, authorisation decision, xacml obligation, grid computing, authorisation | Obligation, Grid computing, Computer science, Computer security, Workspace, Authorization, XACML, Open science, Access control, Grid | Journal |
Volume | Issue | Citations |
5 | 3 | 1 |
PageRank | References | Authors |
0.36 | 5 | 7 |
Name | Order | Citations | PageRank |
---|---|---|---|
Markus Lorch | 1 | 189 | 14.93 |
Dennis Kafura | 2 | 294 | 58.98 |
Ian Fisk | 3 | 5 | 1.43 |
Kate Keahey | 4 | 798 | 59.49 |
T. Freeman | 5 | 786 | 74.19 |
Abhishek Singh Rana | 6 | 1 | 0.36 |
Frank Würthwein | 7 | 1 | 0.36 |