The development of adequate security solutions, and in particular of authentication and authorization techniques, for grid computing systems is a challenging task. Recent trends of service oriented architectures (SOA), where users access grids through a science gateway — a web service that serves as a portal between users of a virtual organizations (VO) and the various computation resources, fu...

ion and Composition One of the rst issues that arises is that of abstraction and modeling. What is the proper abstraction to specify and manage authorization functions and tasks. We propose the abstraction of an authorization-task-unit to model the authorizations associated with every authorization function. Such an authorization unit may be composed of other smaller units called called approva...

We present a trust management kernel that clearly separates authorization and structured distributed naming. Given an access request and supporting credentials, the kernel determines whether the request is authorized. We prove soundness and completeness of the authorization system without names and prove that naming is orthogonal to authorization in a precise sense. The orthogonality theorem gi...

The trust –management approach to distributed system security is developed as an answer to the inadequacy of traditional authorization mechanism. The subjective concept of trust not only enables users to better understand the paradigm of pervasive computing, but also opens new direction of research for solving existing problems such as security [8], management of online communities or e-service...

Business processes are usually expected to meet high level authorization requirements (e.g., Separation of Duty). Since violation of authorization requirements may lead to economic losses and/or legal implications, ensuring that a business process meets them is of paramount importance. Previous work showed that model checking can be profitably used to check authorization requirements in busines...

In dynamic collaboration, participants oftentimes need to share resources with each other under the same criteria. However, since each participant has its own authorization policies as a way of controlling resource access, their discrepancies make such collaboration difficult. It is desired to develop a practical and automatic way to generate the collaborative policies for coequal authorization...

Authorization and protection deal with the problem of the control of access to resources. A key aspect of modern computing systems is resource sharing, so a need arose to govern access to these resources only to authorized users. In multi-user operating systems (such as Linux) authorization is of great interest. Computer security and authorization as a subset is characterized by the fact that a...

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as refer...

In this paper, we consider an environment where a group of parties have their own relational databases, and provide restricted access to other parties. In order to implement desired bushiness services, each party defines a set of authorization rules over the join of basic relations, and the accessible information is constrained by these rules. However, authorization rules are given based on the...

Java 2 Security enhanced with the Java Authentication and Authorization Service (JAAS) provide sophisticated access control features via a user-configurable authorization policy. Fine-grained access control, code-based as well as user-based authorization, and implicit access rights allow the implementation of real-world policies, but of the cost of increased complexity. In this paper we provide...