Real-world applications routinely make authorization decisions based on dynamic computation. Rea-soning about dynamically computed authority is challenging. Integrity of the system might be compro-mised if attackers can improperly influence the authorizing computation. Confidentiality can also becompromised by authorization, since authorization decisions are often based on sensitive...

Access control is a critical functionality in distributed systems. Services and resources must be protected from unauthorized access. The prevalent practice is that service specific policies reside at the services and govern the access control. It is hard to keep distributed authorization policies consistent with the global security policy of an organization. A recent trend is to unify the diff...

While much of the Grid security community has focused on developing new authorization systems, the real challenge is often integrating legacy authorization systems with Grid software. The existing authorization system might not understand Grid authentication, might not scale to Grid-level usage, might not be able to understand the operations that are requested to be authorized, and might requir...

This paper proposes an authorization architecture for Web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorization of Web services as well as the support for the management of authorization information. The paper also describes authorization algorithms required to authorize a Web service client. Th...

This paper describes a security system for authorization in open networks. Authorization means authority to access certain resources, to perform certain operations, or to use certain system functions. In this paper, the authorization system bases on use of attribute certificates. An attribute certificate is a signed object containing authorization attributes of a user. Before checking whether a...