An XACML-based Policy Management and Authorization Service for Globus Resources
Authors
Abstract
In this paper we describe our approach to a policy management system and a policy enforcement point which is integrated into the Globus Toolkit middleware. Our system enables the specification and modification of resource policies by administrative parties through a graphical user interface and the secure association with and transport of these policies to the policy decision components.
Similar resources
An authorization Framework for Grid Security using GT4
A Grid system is a Virtual Organization that is composed of several autonomous domains. It is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations." The dynamic and multi-institutional nature of these environments introduces challenging security issues that demand new technical approaches. In particular, one must deal with diverse local mechanism...
Adoption of a SAML-XACML Profile for Authorization Interoperability across Grid Middleware in OSG and EGEE
The Authorization Interoperability activity was initiated in 2006 to foster interoperability between middleware and authorization infrastructures deployed in the Open Science Grid (OSG) and the Enabling Grids for E-sciencE (EGEE) projects. This activity delivered a common authorization protocol and a set of libraries that implement that protocol. In addition, a set of the most common Grid gatew...
Pluggable Authorization and Distributed Enforcement with pam_xacml
Access control is a critical functionality in distributed systems. Services and resources must be protected from unauthorized access. The prevalent practice is that service specific policies reside at the services and govern the access control. It is hard to keep distributed authorization policies consistent with the global security policy of an organization. A recent trend is to unify the diff...
Access and Usage Control in Grid
Grid is a computational environment where heterogeneous resources are virtualized and outsourced to multiple users across the Internet. The increasing popularity of the resources visualization is explained by the emerging suitability of such technology for automated execution of heavy parts of business and research processes. Efficient and flexible framework for the access and usage control ove...
A Heterogeneous Network Access Service Based on PERMIS and SAML
The expansion of inter-organizational scenarios based on different authorization schemes involves the development of integration solutions allowing different authorization domains to share, in some way, protected resources. This paper analyzes different emerging technologies. On the one hand, we have two XML-based standards, the SAML standard, which is being widely accepted as a language to exp...