Distributed authorization provides the ability to control access to resources spread over the Internet. Typical authorization systems consider a range of security information like user identities, role identities or even temporal, spatial and contextual information associated with the access requestor. However, the ability to include computing platform related information has been quite limited...

This paper describes the application programming interface (API) providing authorization and access control in IRO-DB. IRO-DB is an ODMB compliant federated database system supporting interoperable access between relational and object-oriented databases. The developed security API implements a federated, administrative, discretionary access control policy which is role-based but additionally su...

This paper1 presents an architecture to meet the needs for authentication and authorization in Grid based component systems. While Grid Security Infrastructure (GSI) [1] is widely accepted as the standard for authentication on the Grid, distributed authorization is still an open problem being investigated by various groups [2],[3],[4]. Our design provides authentication and fine-grained authori...

This paper describes an access control model based on X.509v3 certi cates for user authorization on HTTP servers secured by SSL. The authorization model presented is based on the concept of authentication roles , that are the handlers that identify a single certi cate (or a group of them) inside the access control list (ACL). The separation between authentication (role mapping) and authorizatio...

The patient’s life is a redline in Healthcare environments. Whenever it comes to danger, such environments reject static authorizations . A common problem "Break The Glass" is known as the act of breaking the static authorization in order to reach the required permission. Healthcare environment is full of different contexts and situations that require the authorizations to be dynamic. Dynamic A...

Large-scale scientific and engineering computation is normally accomplished through the interaction of collaborating groups and diverse heterogeneous resources. Grid computing is emerging as an applicable paradigm, whilst, there is a critical challenge of authorization in the grid infrastructure. This paper proposes a Parallelized Subtask-level Authorization Service architecture (PSAS) based on...

This paper presents a method for using the Security Assertion Markup Language (SAML) in collaboration with SIP to accommodate richer authorization mechanisms and enable trait-based authorization whereby users are authorized based on traits (or attributes) instead of identity. As such, this provides an alternative to existing authorization mechanisms for SIP. Existing mechanisms are generally id...

This paper presents a formal model that interprets authorization policy behaviors. The model establishes a connection of applying authorization policies on an administration domain with dissecting the domain into the authorized, denied, and undefined divisions. This connection enables us to analyze authorization policy development problems such as policy merge, inconsistency, ambiguity, and red...

Automated trust negotiation (ATN) is a promising approach to establishing trust between two entities without any prior knowledge of each other. However, real-world authorization processes often involve online input from third parties, which ATN does not support. In this paper, we introduce multiparty trust negotiation (MTN) as a new approach to distributed authorization. We define a Datalog-bas...

Currently, the identity eco-system on the Web is fragmented between a number of different flows for authorization with no standardized high-security authentication mechanism outside of usernames-passwords. Current identity solutions such as OpenID Connect and BrowserID are on an abstract level just two different authorization flows that differ across a number of criteria such as privacy. We als...