Secure Authorization for Federated Environments (SAFE) Overview and Progress Report
Abstract
SAFE is an example of declarative trust management. Principals use a declarative language to make statements about one another and about objects in the system. These statements are secure assertions: they are authenticated and the source (speaker) of every statement is tracked. Principals reason from these statements according to policy rules, which are also written in the declarative language. Principals run local copies of an inference engine that interprets the language to make trust decisions from local beliefs, local policy rules, and statements (e.g., credentials) received from other participants. One canonical example of a declarative trust management system is SPKI/SDSI [11].
Similar resources
Authorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
Towards Secure Mediation
A secure mediated information system should support scenarios where dynamically changing information sources advertise their information resources, and application-specific mediators collect and assemble these resources into useful information in order to support the requests of their spontaneous clients. While doing this, the mediators should enforce security constraints in the application env...
GÉANT world testbed facility: Federated and distributed testbeds as a service facility of GÉANT
Global network innovation requires large-scale distributed test facilities that are similar to the typically multidomain real-world environments in order to ensure the agile adaptation of new concepts, architectures, technologies and protocols from prototyping through testing into production. Virtualization, in general, allows network researchers to create insulated autonomous slices of product...
SAFE: A Declarative Trust Management System with Linked Credentials
We present SAFE, an integrated system for managing trust using a logic-based declarative language. Logical trust systems authorize each request by constructing a proof from a context—a set of authenticated logic statements representing credentials and policies issued by various principals in a networked system. A key barrier to practical use of logical trust systems is the problem of managing p...
Security Architectures for Large-Scale Remote Environments (A DOE/ER/MICS DICCE Project Report)
This report describes a project that is designing and implementing a prototype of a generalized public-key certificate infrastructure that can provide a highly scalable and transparent infrastructure for both authentication and authorization of access to network based services. The goal is to produce a generalized security architecture that can encode, distribute, and protect the information ne...