Large information bases that are used by several different users and applications accommodate the demands of their users more effectively, if they can be split into possibly overlapping fragments, called contexts. The latter allow one to focus attention on specific concerns such as topics, tasks, or user-views. This paper proposes a conceptual, generic framework for contexts supporting context-...

The Transform access-control model is based on the concept of transformation of access rights. It has previously been shown that Transform uni es a number of diverse access control mechanisms such as ampli cation, copy ags, separation of duties and synergistic authorization. It has also been shown that Transform has an e cient algorithm for safety analysis of the propagation of access rights (i...

This paper proposes an Authorization-Pull support for Community Authorization Services (CAS), an authorization-push model for the Grid authorization by the Globus Alliance, to evaluate it in the role of a pull model. The proposed system tries to evaluate the advantages and use of an authorization-pull model in the grid scenario making use of CAS and compares the same with the push-model origina...

The Transform model is based on the concept of transformation of access rights. It unifies a number of diverse acccsscontrol mechanisms such as amplification, copy flags, separation of duties and synergistic authorization. In this paper we describe a distributed architecture for implementing Transform. Our architecture is based on capabilities with identities of subjects buried in them. This en...

26 In this paper, we have omitted discussion of many of the more practical details due to length limitation. For example, the problems of consistency (due to cache invalidation and certiicate expiration), group membership maintenance and propagation of authorization must be addressed in an implementation. A prototype implementation of our design is currently under way. We have nished implementi...

Security requirements in distributed software systems are inherently dynamic. In the case of authorization policies, resources are meant to be accessed only by authorized parties, but the authorization to access a resource may be dynamically granted/yielded. We describe ongoing work on a model for specifying communication and dynamic authorization handling. We build upon the π-calculus so as to...